| As the core technology of cloud computing,virtualization technology plays a very important role in the cloud computing environment.Through the virtualization technology,users can separate the environment and the physical platform for the specific application deployment in cloud computing,and then through the management platform the management,extension,migration and backup of the system and container can be performed.The essence of virtualization technology is to achieve isolation between software applications and underlying hardware,and to achieve efficient management by converting physical resources into logical resources.The development of virtualization technology directly affects the availability,robustness,and security of cloud computing platforms.However,in the virtualized environment,resource control is confronted with severe challenges due to the concentration of resource distribution and the huge number of users.The core of the security problem in the virtualization environment is that the existing security mechanism can not meet the security requirement of resource control under the virtual environment,which leads to the security problem of resource isolation and resource sharing.The security problems of resource isolation in virtualized environments are represented by existing access control technologies such as firewalls and the discretionary access control technology cannot effectively isolate resources,and cannot guarantee the availability and confidentiality of resources.Virtual machine escape seriously affects the use and storage of resources.The security problem of resource sharing in virtualized environments is for the reason that existing access control technologies fail to provide an effective way of sharing resources securely.These problems have seriously affected the development of virtualization technologies and the security of cloud computing environments.In order to enhance the security of the virtualized environment and meet the needs of resource security isolation and security sharing in the virtualized environment,this thesis puts forward the V-BLP model under the virtualized environment through analyzing the existing security access control technologies and combining the characteristics of resource distribution under the virtualized environment,and then proposes a complete security reinforcement scheme based on this model.Finally,according to the design of the scheme,the security reinforcement system is implemented and tested.The main content of this thesis is as follows.Firstly,through investigating existing access control technologies and combining security requirements for resource isolation and resource sharing in a virtualized environment,this paper utilize a multi-level access control BLP model to introduce resource elements in a virtualized environment and proposes a more general and efficient V-BLP model.Secondly,based on the V-BLP model and analyzing the resource access control requirements in a typical virtualized environment,it designs a security solution for resource isolation and resource sharing,centered on control strategy and access control to implement security reinforcement in the virtualized environment,and analyzes the safety and efficiency of the plan.Thirdly,according to the design of the security reinforcement mechanism,combined with the application scenarios of virtualized technologies and existing security technologies,the security reinforcement system is designed to achieve effective isolation of resources with mandatory access control,and to achieve the secure sharing of resources with multi-level security labels.Finally,in order to implement a security reinforcement system,it performs functional tests on system functions from both aspects of resource isolation and sharing,and tests the impact of system on the performance of virtualized environment,so as to prove that the security reinforcement system can achieve safe and efficient resource isolation and resource sharing,and enable security reinforcement in the virtualized environment. |
PDF Full Text Request