
National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

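Graduate student: 葉家榮
Graduate student (English): Jia-Rung Yeh
Thesis title: 針對雲端虛擬機器資源分配的多重資源阻斷攻擊 (A Multi-Resource Denial-of-Service Attack on Cloud Virtual Machine Resource Allocation)
Thesis title (English): Migrant Attack: A Multi-Resource DoS Attack on Cloud Virtual Machine Migration Schemes
Advisors: 逄愛君, 蕭旭君
Advisors (English): Ai-Chun Pang, Hsu-Chun Hsiao
Oral defense committee member: 曾學文
Oral defense committee member (English): Hsueh-Wen Tseng
Oral defense date: 2015-07-23
Degree: Master's
Institution: National Taiwan University (國立臺灣大學)
Department: Graduate Institute of Computer Science and Information Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2015
Academic year of graduation: 103
Language: English
Number of pages: 32
Keywords (Chinese, translated): denial-of-service attack, cloud, resource allocation, virtualization, virtual machine
Keywords (English): Denial of Service, Cloud, Resource allocation, Virtualization, Virtual machine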
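The cloud has been one of the focal points of the IT industry in recent years. It offers highly elastic use of resources, but that same elasticity may also be a property that can be attacked.
We propose a new kind of denial-of-service attack model, the Migrant Attack. The attack exploits two characteristics of the cloud: first, the migrations that the cloud continually performs across the physical machines it owns for energy or efficiency reasons; second, the interference between virtual machines on the same physical machine. We use the utilization of multiple resources to induce the cloud to allocate resources incorrectly, and we use migrations and imbalanced resource allocation as the measures of our attack. We also discuss possible defenses and detection.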

The elasticity of cloud data centers is attractive to users and tenants. Based on different virtual machine (VM) allocation schemes, cloud providers can improve performance, QoS, or energy consumption, which is dominated by elasticity. However, these allocation schemes dynamically reschedule the placement of VMs scattered across the cloud, and the allocation schedule spans multiple resources; both are possible weaknesses for attackers to exploit, which we propose as the Migrant Attack. We demonstrate that the Migrant Attack exploits the weak isolation between VMs to create interference that triggers the allocator to migrate a VM from its own physical machine (PM) to another one. We also discuss a defensive scheme and a mitigation policy.

Oral Defense Committee Certification
Chinese Abstract
Abstract
Contents
1 Introduction
2 Background
2.1 Cloud Service Models
2.2 VM Allocator and Migration Cost
2.3 Overview of Openstack
3 The Migrant Attack
3.1 Resource Utilization Leakage Exploitation
3.2 Migrant Attack
4 Implementation
4.1 Testbed model
4.2 Metrics
4.3 Defense Policy and Challenge
4.3.1 Feature Detection
4.3.2 Mitigation by Allocator
4.3.3 Usage Quota
5 Evaluation and Emulation
5.1 Leakage test
5.2 Measure Damage of Downtime and Migration Times
5.3 Measure The Damage in Imbalance Degree
6 Related Work
6.1 Allocation
6.2 Migration Cost
6.3 Other DoS Attack
7 Conclusion
Bibliography

