Research And Simulated Implementation Of KVM Virtual Machine Risk Assessment

Cloud data center consolidates computing,storage and network resources into a dynamic virtual resource pool by using virtualization,and users can on-demand access resources and pay for them,thus,the people benefit from the powerful computation ability and flexibility of the cloud data center.However,with the increased dependence of users on the cloud data center,it brings a series of problems,such as data security,service stability,reliability and continuity etc.Although the risk assessment can help managers accuratly recognize the current threats of system,meanwhile,some measures against the threat have been proposed,most of them are static and human intervention.The assessment results are comprehensive and thorough followed by these exisiting methods,however,much time and manpower will be consumed,besides,these methods are not apdtive to complex network environments.For this end,this thesis designs a real-time and simple virtual machine risk assessment method based on KVM.Impact factors of virtual machine risk assessment are asset,threat and vulnerability.To realize the risk assessment plateform of virtual machines,the asset,threat and vulnerability of are firstly needed to be identified.Confidentiality,integrity and availability are three security attributes evaluated for the asset of virtual machines,i.e.,the asset of the virtual machine is not measured by the economic value,it is decided by the achievement degrees of these three security properties.The vulnerability exists along with the asset,and each asset item needs to be protected,and we should identify the weaknesses that may be used by threat.The threat utilizes the asset vulnerability to damage the virtual machine system.In this thesis,the identification of virtual machine asset mainly considers availability;the virtual machine system faces two threats:LOIC attack and ARP attack;the vulnerability is mainly determined by the network bandwidth and the utilization of CPU resource.ARP attacks make the network traffic of virtual machines grow abnormally,resulting in the network congestion;LOIC consumes the CPU resource of virtual machines.After performing the identification of the factors affecting the risk assessment,the quantitative method of risk assessment will be utilized.Each kind of impact factor has five levels,thus,the final risk value also has five grades.Then,the calculation process of the threat and vulnerability are designed in detail.This thesis uses software Naigos to monitor the utilization of CPU resource and network bandwidth,in order to calculate vulnerability;and it calculates the threat value by computing the attack frequency through OSSEC.The risk value of the virtual machine is determined by using the multiplication approach,and then the risk value is classified according to different risk levels,meanwhile,the manager can take safety measures to prevent the occurrence of threat.Finally,the risk assessment monitoring platform of KVM virtual machines is built and we make experiment analysis.Since the same asset may be different in virtual machines,this thesis creates five kinds of virtual machines that have various CPU and memory resources,and thus five asset values.At the same time,the Nagios and OSSEC softwares are installed in the host and virtual machines,it can real-time update the values of threat and vulnerability.The experiment results show that the risk values of virtual machines are arranged in the descending order of the asset.In addition,trough the analysis of the impact factors,we find that the asset value plays an important role in determining the risk value.When the threat value remains constant,the risk value of the virtual machine with the large asset varies with the utilization of CPU resource.