Research On Privacy Computation Analysis And Forensics In Virtual Computing Environment

Cloud computing is an important development trend in the information age and a major national development strategy.In recent years,global network security incidents have occurred frequently,and due to defects such as homogenization of virtual machines in cloud environments,the issue of user privacy data security has become more prominent.After security problems occur,privacy infringement and forensics have become the primary problems faced by a large number of enterprises and users in the protection of their legal rights.At present,the research on privacy infringement forensics in the virtual environment is not perfect.There are two main problems: one is limited to a specific or single instruction set architecture,operating system,or product;the other is that fine-grained real-time monitoring will bring clients huge performance overhead.In response to the above problems,the privacy computing analysis and forensics system in the virtual computing environment combines deterministic replay debugging technology and cross-platform dynamic information flow tracking technology to achieve offline privacy computing forensics for multiple operating systems and multiple instruction set architectures.First,the system accurately records all uncertain events occurring inside the client with low overhead outside the client virtual machine and saves them as permanent evidence.Then in the offline forensics phase,the system can perform repeated and iterative multi-granular forensic analysis on the evidence files,including coarse-grained analysis of system calls,virtual machine introspection analysis,and fine-grained analysis of dynamic information flow tracking.The extended log format records the analysis results.Finally,the system performs correlation analysis on the collected multi-module analysis logs to screen out security incidents and build a privacy data leakage path and visualize the results of the forensics.Test results show that:(1)The system supports offline multi-granularity analysis and forensics of privacy data leakage events caused by real malicious samples and vulnerability attacks in different operating systems under different architectures.(2)The system can uniformly process the heterogeneous logs of various analysis plug-ins,sort out the privacy violation path,and visualize the forensic results.