Journal of Frontiers of Computer Science and Technology ›› 2020, Vol. 14 ›› Issue (2): 200-214.DOI: 10.3778/j.issn.1673-9418.1909071

Previous Articles     Next Articles

Survey on Protection Mechanisms for Untrusted Hypervisor in Cloud

GU Jianan, ZHENG Beilei, WENG Chuliang   

  1. School of Data Science and Engineering, East China Normal University, Shanghai 200062, China
  • Online:2020-02-01 Published:2020-02-16

面向云平台非可信Hypervisor的保护机制综述

顾佳男,郑蓓蕾,翁楚良   

  1. 华东师范大学 数据科学与工程学院,上海 200062

Abstract:

In this big data era, the multi-tenant cloud platform plays an important role. However, as one of the major technologies adopted in the cloud platforms, the virtualization technology is not secure enough. The Hypervisor is a key layer in the virtualization software stack that manages vital tasks between guest virtual machines and the bare metal, such as resource allocation, sharing and isolation. Meanwhile, the Hypervisor suffers from vulnerabilities along with its large attack surface, which makes attacks on the Hypervisor threaten the cloud and applications above. Therefore, constructing protection mechanisms for the untrusted Hypervisor in the cloud is necessary. Survey from the perspective of the protection mechanism's construction: analyze the feasibility and challenges, and do cla-ssifications; present the related work in this field in terms of integrity detection mechanisms, defense mechanisms, and isolation mechanisms; give research trends and provide a valuable reference for future researches on the vir-tualization security and on building a reliable multi-tenant cloud platform.

Key words: cloud platform, virtualization security, untrusted Hypervisor, construction of protection mechanism

摘要:

大数据时代背景下,多租户云平台的作用越显重要。然而,虚拟化作为云平台的关键构建技术之一,其安全性的保证尚不充分。Hypervisor是虚拟化技术中关键的软件层次,它管理着客户虚拟机和裸机物理资源之间的资源分配、共享和隔离等重要事务。但是Hypervisor本身存在着漏洞和攻击面,使得任意针对Hypervisor的攻击对多租户云平台和上层应用造成不可估计的威胁。因此,面向云平台非可信Hypervisor的保护机制应运而生。对现有保护机制进行综述,包括:分析其构建的可行性与挑战,并对保护机制进行分类;梳理和剖析保护机制中的完整性检测机制、防御机制以及隔离机制方面的相关工作;展望未来研究趋势,为未来虚拟化技术安全性的研究以及构建可靠的多租户云平台的研究提供有价值的参考。

关键词: 云平台, 虚拟化安全, 非可信Hypervisor, 保护机制构建