
Research On Proactive Defense Methods Against Co-resident Attack Of Virtual Machines Under Cloud Environment

Posted on: 2019-08-02
Degree: Master
Type: Thesis
Country: China
Candidate: M Zhang
GTID: 2428330566970899
Subject: Information and Communication Engineering

Abstract/Summary:
Because of its efficient large-scale storage and computing capability, cloud computing has received extensive attention from industry. By abstracting traditional physical resources, cloud computing can schedule computing resources flexibly, providing users with on-demand self-service and a fast, flexible mode of resource use. At the same time, cloud computing delivers services over the network, so users are no longer limited to local hardware or software resources and can obtain services anytime and anywhere. Cloud computing provides three types of service model: infrastructure as a service, platform as a service, and software as a service. At the infrastructure layer, virtualization of computing resources lets different users share the underlying physical resources. However, this pattern of resource sharing brings security risks, among which co-resident attacks between virtual machines have been studied in depth. Researchers have put forward many solutions to this threat, but some require extensive changes to software and hardware, which hinders deployment; some address only certain attack scenarios and are not universal; and others are too expensive to be applied in practice. It is therefore important to ensure the security and stability of the cloud environment without affecting its resource-sharing characteristic. To achieve this objective, this paper studies proactive defense methods against co-resident attacks between virtual machines. Specifically, the main work of this paper includes the following aspects.

First, we study cloud computing technology and the co-resident attack in depth. The two characteristics of cloud computing related to the co-resident attack, namely infrastructure as a service and virtualization technology, are introduced, and the security risks in the cloud environment are outlined. We then summarize the definition of the co-resident attack, including its implementation methods, identification methods and specific security threats, and we analyze the current domestic and foreign research status of the co-resident attack from two aspects, attack and defense. This lets us explore the underlying cause of the attack behavior, which lays a foundation for further study.

Second, the current virtual machine placement strategy in cloud environments lets attackers achieve a high co-residence probability at low cost. To address the problem that an attacker can initiate attacks quickly and on a large scale, we study placement strategy with the aim of proactive defense against the co-resident attack. Specifically, we dynamically choose the placement strategy most suitable for the current cloud environment based on the characteristics of each placement strategy, replacing the traditional single, static placement strategy. In this way we make it harder for the attacker to become co-resident with the target, defending at the source of the co-resident attack. This method can reduce the co-residence probability by at least 60%.

In addition, an attacker can exploit a common operating system vulnerability to compromise all virtual machines that share that vulnerability. To address this security threat, a diverse operating system deployment strategy is studied. Because operating systems are diverse, we design an interactive workflow that provides the user with the operating system configuration having the highest degree of diversity, thus avoiding the situation in which an attacker uses common vulnerabilities to compromise a large range of normal users' virtual machines. These methods increase the cost and time the attacker needs to launch attacks or intercept private data from targets. This method can reduce attack efficiency by at least 33.46%.

Finally, we study a special form of attack, namely the DoS attack in the cloud environment. Although the work above is significantly effective in reducing the attacker's probability of co-residence with the target and in increasing the attacker's cost, it cannot effectively prevent DoS attacks in the cloud environment. This form of attack is not aimed at specific users, and the attacker is difficult to identify; however, it is still based on the co-resident state of virtual machines. Therefore, the final part of the work studies how to use virtual machine migration technology to prevent or mitigate DoS attacks. We put forward an effective and feasible virtual machine migration strategy, covering virtual machine selection, migration time and choice of destination. Compared with other methods, our method relieves the effect of a DoS attack more rapidly with little increase in overhead.

This paper applies proactive defense thinking to security problems in the cloud environment, which not only enriches the application scenarios of proactive defense theory in the field of cyberspace security, but also supports cloud service providers in defending against co-resident attacks and improving service quality. It has certain scientific significance and practical value.
Keywords/Search Tags:cloud computing, co-resident attack, virtual machine, proactive defense, dynamic, diversity