云计算环境中侧通道攻击检测与防御技术研究

项目名称： 云计算环境中侧通道攻击检测与防御技术研究

项目编号： No.61472316

项目类型： 面上项目

立项/批准年度： 2015

项目学科： 自动化技术、计算机技术

项目作者： 桂小林

作者单位： 西安交通大学

项目金额： 83万元

中文摘要： 由于资源共享、多租户跨域共享和平台开放等特征，使得云计算面临的安全问题更加复杂。已有研究表明侧通道攻击是云计算面临的一种新型安全挑战。攻击者通过探测云共享资源的状态信息，建立泄漏模型，便可绕过虚拟化隔离性，盗取其他用户的私密信息。针对侧通道攻击引入的安全威胁，本项目将从以下三个方面展开研究：1）研究侧通道攻击的攻击模式与攻击方法，包括侧通道信息探测、虚拟机同驻检测和侧通道攻击特征分析等；2）研究侧通道攻击检测方法，包括攻击特征形式化、攻击特征感知、汇聚与分析、在线检测算法等；3）研究虚拟化隔离加固技术，实现侧通道攻击防御，包括用户约束关系分析与形式化、隔离策略制定、虚拟机部署算法和虚拟机迁移算法等。本项目研究成果对于深入分析侧通道攻击机理，增强侧通道攻击防御能力，推动云计算健康快速发展，占领云计算安全领域的国际制高点，都具有重要的理论意义和实用价值。

中文关键词： 云安全；虚拟化；侧通道攻击；攻击检测；主动防御

英文摘要： Due to resource sharing, multi-tenant cross-domain sharing and platform opening in cloud computing, Cloud security problems is becoming more complex. The existing research has shown that side channel attacks (SCA) are becoming a new security challenge in cloud computing. Using side channel attacks, malicious users can break the isolation mechanism and extract private information from other users by probing the responses of shared resource and establishing the leakage model. To solve the security threats introduced by SCA, this project make the research from three aspects. First, the attack patterns and attack schemes of side channel attacks are investigated, which include probing side information, virtual machines (VMs) co-residency detection scheme and attack features analysis, etc. Second, side channel attacks detection schemes are investigated, which include formalizing SCA features, perceiving, converging and analyzing the SCA features and designing on-line detection algorithm, etc. Third, the SCA defense scheme is investigated from the perspective of enhancing isolation between Virtual Machines(VMs), which include analyzing and formalizing users constraint relations, making isolation rules, designing VMs placement algorithm and VMs migration algorithm, etc. This project has significant theoretical and practical value in in-depth analyzing mechanism of SCA, improving defense ability for SCA, promoting the healthy and rapid development of cloud computing, and reaching the international advanced level of the cloud security field.

英文关键词： cloud security;virtualization;side channel attacks;attack detection;active defense