Virtualize Environments Security Defense Technology Research And Implementation

Posted on: 2017-10-17
Degree: Master
Type: Thesis
Country: China
Candidate: X N Chen
GTID: 2348330518995440
Subject: Information security

Abstract/Summary:
As one of the core technologies of cloud computing, virtualization has been widely adopted alongside the growth of cloud computing and has greatly improved server hardware utilization. Cloud service platforms, which are built on virtualized environments and hold a large amount of security-sensitive information, have become a focus for hackers, which makes effective security policies for virtualized environments a current research focus. Virtualization-based security monitoring, which relates to the security of virtualization technology, can be classified into internal monitoring and external monitoring, and monitors the internal security of virtual machines in real time. However, the semantic gap is the fatal flaw of virtualization-based security monitoring technology. At the same time, the lack of a completely effective security architecture for virtualized environments is also a problem. The attack graph, currently the most popular security tool, can not only analyze the vulnerabilities of a particular network but also reflect the dependencies between vulnerabilities and simulate all possible attack paths an attacker might use. It makes up for the shortcomings of traditional security analysis techniques and is therefore widely used to assess network security, analyze alarm correlation, and so on.

This paper proposes an attack graph-based virtualization security defense model that uses attack graphs to analyze the security of virtualized environments. The model comprises virtualization attack graph construction, alarm correlation analysis, security analysis, and defense policy analysis. First, the Virtualization Attack Graph is proposed, which adds the relationship between virtual machines and their hosts to the traditional attack graph. The Virtualization Attack Graph combines network connection information, vulnerability information, and their dependencies. Second, the paper presents a security analysis method from a defensive point of view. The model takes the alarms generated by an intrusion detection tool and analyzes their correlation based on the attack graph, as a reflection of the network's real security state. Based on the value of the state node, the threat value of the action node, the number of alarms, and the location in the attack path, the model proposes a defense value calculation algorithm. Finally, based on the attack graph, the model uses a minimum cut algorithm to solve for the minimum vertex set. Taking into account the defense value of action nodes and the costs of defense, the model takes the minimum cut with the maximum defense efficiency as the optimal defense strategy. Based on the above research, a virtualization security defense system was designed and implemented, and an experimental environment was set up. The experimental results verify the feasibility of the system.
Keywords/Search Tags: virtualization, attack graph, defense value, minimum cut set
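
The last step described in the abstract, picking the vertex cut with the highest defense efficiency, shown as an added example (not code from the thesis). The graph, node names, defense values and costs are constructed; efficiency is assumed to be total defense value divided by total cost, and brute-force enumeration of inclusion-minimal cuts stands in for the thesis's minimum cut algorithm, which the abstract does not specify.

```python
from itertools import combinations

# Constructed virtualization attack graph: state nodes (s_*) are attacker
# privileges, action nodes (a_*) are exploits, including VM-to-host steps.
EDGES = {
    "s_attacker": ["a_web_exploit"],
    "a_web_exploit": ["s_vm1"],
    "s_vm1": ["a_vm_escape", "a_lateral_net"],
    "a_vm_escape": ["s_host"],
    "s_host": ["a_host_to_guest"],
    "a_host_to_guest": ["s_vm2"],
    "a_lateral_net": ["s_vm2"],
}
# Constructed (defense value, defense cost) per action node.
ACTIONS = {
    "a_web_exploit": (6.0, 8.0),
    "a_vm_escape": (9.0, 3.0),
    "a_host_to_guest": (4.0, 2.0),
    "a_lateral_net": (5.0, 2.0),
}

def reachable(src, dst, blocked):
    """Depth-first search that treats blocked action nodes as removed."""
    stack, seen = [src], {src}
    while stack:
        node = stack.pop()
        if node == dst:
            return True
        for nxt in EDGES.get(node, []):
            if nxt not in seen and nxt not in blocked:
                seen.add(nxt)
                stack.append(nxt)
    return False

def minimal_cuts(src, dst):
    """Action-node sets that cut src from dst and contain no smaller cut."""
    cuts = []
    for size in range(1, len(ACTIONS) + 1):
        for combo in map(set, combinations(sorted(ACTIONS), size)):
            if not any(c <= combo for c in cuts) and not reachable(src, dst, combo):
                cuts.append(combo)
    return cuts

def efficiency(cut):
    """Assumed metric: total defense value divided by total defense cost."""
    return sum(ACTIONS[a][0] for a in cut) / sum(ACTIONS[a][1] for a in cut)

def best_defense(src, dst):
    return max(minimal_cuts(src, dst), key=efficiency)
```

Calling `best_defense("s_attacker", "s_vm2")` on this graph selects blocking the VM escape and the lateral network exploit together, rather than the single but costly web exploit fix.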