ISSN 1000-1239 CN 11-1777/TP

• 论文 •

### VFRS：一种面向虚拟计算环境的入侵容忍方法

1. 1(华中科技大学计算机科学与技术学院 武汉 430074) 2(服务计算技术与系统教育部重点实验室 武汉 430074) 3(集群与网格计算湖北省重点实验室 武汉 430074) (zhaof@hust.edu.cn)
• 出版日期: 2010-03-15

### VFRS: A Novel Approach for Intrusion Tolerance in Virtual Computing Environment

Zhao Feng1,2,3, Jin Hai1,2,3, Jin Li1, and Yuan Pingpeng1,2,3

1. 1(School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074) 2(Key Laboratory of Services Computing Technology and System of Ministry of Education, Wuhan 430074) 3(Provincial Key Laboratory of Cluster and Grid Computing of Hubei, Wuhan 430074)
• Online: 2010-03-15

Abstract: With the emergence of multi-core processor, virtualization technology has attracted attention and developed rapidly in recent years. Virtual computing environment based on virtual machine becomes a hot topic in the field of network computing. Virtual computing environment is open, complex and dynamic, which has brought new challenges to system security, especially to intrusion tolerance. In this paper, VFRS method is proposed in order to protect sensitive data from intrusion in virtual computing environment. Firstly, a probability computing model is constructed to present system call sequences and the SCSFA algorithm is designed to predict the attempt of intrusion and to determine what need to protect, which is based on the analysis of system call sequence in virtual computing systems; Secondly, the sensitive data protected are divided into a number of film data, and for the goals of random errors tolerance, each tablet data are redundant backup based on Byzantine fault tolerance; Then, the redundant data are distributed to different virtual machines. VFRS method can predict the anomaly intrusion and well tolerate the complicated errors in virtual computing environment. The experimental results show that VFRS is effective and of high performance compared with related work. Some key issues of the VFRS method are also discussed and analyzed in detail.