Through Virtual Machine Migration and Proactive Defense Resource Allocation to Maximize Network Survivability in a Cloud Environment

Advisor: 林永松

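Abstract


In recent years, advances in information technology have not only brought many conveniences but have also changed the way people live. Cloud computing is one such technology. With cloud computing, users can consume a wide variety of flexible services according to their own needs. This saves users the cost of purchasing and maintaining IT equipment, and it has drawn many enterprises to build their service architecture on cloud infrastructure.

However, information security is one of the issues an enterprise must consider when deciding whether to adopt cloud computing. To let enterprises in a cloud environment keep providing their services without interruption, virtual machine migration is a defense mechanism that can effectively avoid service disruption. VM migration can dynamically move a virtual machine from one physical server to another so that the virtual machine avoids malicious attack, which further raises network survivability.

Meanwhile, with the rise of big data analysis, data has become increasingly important to enterprises. How to protect data from theft by malicious attackers is a particular concern for enterprises, and secret sharing is a mechanism that can effectively prevent attackers from stealing data. It splits the data into N equal parts and requires K secret shares to reconstruct the data, which makes theft harder for an attacker.

The purpose of this thesis is to help enterprises find an effective way to defend against external malicious attacks, so that service is not disrupted and data is not stolen. In addition to traditional defenses such as firewalls, IDS and IPS, the two mechanisms described above, VM migration and secret sharing, are adopted to increase network survivability. Furthermore, under limited defense resources, we help enterprises find the best defense strategy and resource allocation for defending against attacker intrusion.

Because the problem in this study is complex and full of randomness, we attempt to solve it with mathematical programming and Monte Carlo analysis, in the hope of helping defenders raise network survivability through effective resource allocation.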

Parallel Abstract


In recent years, the development of information technology has not only brought us much convenience but has also changed our lifestyle. Cloud computing is one such technology. With cloud computing, users can subscribe to different kinds of flexible and scalable services on demand. This lets users spend less on establishing and maintaining IT infrastructure, which attracts many enterprises to build their IT environment on a cloud platform.

However, information security is one of the issues that enterprises planning to adopt cloud computing must consider. To let an enterprise in a cloud environment keep providing services without interruption, the VM Migration mechanism is a useful defense against service disruption. VM Migration enables a VM to move dynamically from one physical server to another; the mechanism can protect the VM from malicious attack and further increase network survivability.

In addition, the importance of data to companies has grown with the rise of "Big Data Analysis". Companies are especially concerned with how to prevent data from being compromised by malicious attackers. The secret sharing mechanism is an effective way to prevent attackers from stealing data: it cuts the data into N pieces and needs K pieces to reconstruct the data, which increases the difficulty of stealing it.

Our goal is to help enterprises find an effective way to defend against external malicious attacks and so avoid service disruption or data theft. In addition to traditional defense strategies such as firewalls, IDS and IPS, we use the VM Migration mechanism and the secret sharing mechanism introduced above to increase network survivability. We also help enterprises seek the optimal way of allocating defense resources under a limited budget to fight against attacker intrusion.

In our work, because the problem is complex and full of randomness, we use Mathematical Programming and Monte Carlo Simulation methods to solve it, and we look forward to helping defenders improve network survivability through effective allocation of resources.
