CN106850732B - A kind of same method of example deployment in probability of height towards PaaS cloud environment - Google Patents
A kind of same method of example deployment in probability of height towards PaaS cloud environment Download PDFInfo
- Publication number
- CN106850732B CN106850732B CN201611078449.5A CN201611078449A CN106850732B CN 106850732 B CN106850732 B CN 106850732B CN 201611078449 A CN201611078449 A CN 201611078449A CN 106850732 B CN106850732 B CN 106850732B
- Authority
- CN
- China
- Prior art keywords
- object instance
- detection
- stayed
- staying
- probability
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
- H04L67/1014—Server selection for load balancing based on the content of a request
Abstract
The same method of example deployment in probability of the height that the present invention relates to a kind of towards PaaS cloud environment.This method comprises: 1) create or select at least one object instance on PaaS cloud;2) in the certain time interval (shorter time interval) after object instance creation, the example (referred to as detection example) of quick start and object instance same application type;3) it carries out finding out with object instance with detection is stayed with the detection example stayed after detection example starting.The present invention can effectively improve detection example and object instance reaches with the probability stayed, and shorten the time reached with staying, save the cost.
Description
Technical field
The invention belongs to virtualize and technical field of network security, it is related in a kind of raising cloud environment example with staying probability
Method, in particular to a kind of height towards PaaS cloud environment is the same as the method for example deployment in probability.
Background technique
Cloud computing is a kind of mode paid by usage amount, and core calculations and software resource are deployed in third-party vendor
In infrastructure, user can be accessed by network, and into configurable computing resources shared pool, (resource includes network, service
Device, storage, application software, service), use these resources as needed.User need to only put into seldom management work, or supply with service
Quotient is answered to carry out seldom interaction.Cloud computing can consider the service including following level: infrastructure services (IaaS),
Platform services (PaaS) and software services (SaaS).The development of cloud computing in recent years is swift and violent, and PaaS cloud service is in cloud computing city
It is play an important role in.
Service provided by PaaS is a basic platform, builds and run the basis by special platform service provider
Platform.PaaS allows user to focus more on the application program that they develop and deliver, rather than manages and maintains complete platform
System.For example, he applies for a Java to PaaS cloud supplier first when user needs to test or disposes a Java software
Environment, then the code of oneself is deployed in the example of application go operation can, without locally carry out it is complicated
Java Runtime Environment build.The common isolation mech isolation test of PaaS cloud is the isolation based on container, such as Docker.Container technique
The mechanism for having used a series of system level such as carries out space isolation using Linux namespaces, passes through file system
The mount point of system determines which accessible file of container, determines each container can use how much money by Cgroups
Source, without providing a complete operating system for each application, to substantially increase the utilization rate and deployment effect of resource
Rate.
Refer in virtualized environment with staying, two or more examples operate on the same physical machine, they are total
The resource for enjoying the physical machine, isolation and peace being scheduled between different examples by virtualization monitor and example is provided
Full property guarantees.Cloud service provider, generally can be the example deployment of multiple tenants at same in order to efficiently use physical resource
In physical machine;And sometimes for certain specific calculating demands, tenant can also wish to reach between example with staying.Reach general with staying
Be divided into two steps: firstly, tenant is according to certain tactful Request For Disposition example, such as the application type in conjunction with example, the application time,
The creation because usually considering example such as example quantity;Then, tenant needs using same detection method of staying to determine whether and target
Example has reached same and has stayed.
Have much for example on cloud with the method for staying detection.Ristenpart et al. (T.Ristenpart,
E.Tromer,H.Shacham,and S.Savage.Hey,you,get off of my cloud:Exploring
information leakage in third-party compute clouds.In Proceedings of the 16th
ACM conference on Computer and communications security,pages 199–212.ACM,
2009.) it was put forward for the first time virtual machine in 2009 and stays problem together, and gives the detection based on the network information: if two virtual
Machine has IP address, similar implicit IP address or the lesser network packet two-way time (round-trip of identical Domain0
Times, RTTs), then they are likely to stay together.Adam Bates et al. (A.Bates, B.Mood, J.Pletcher,
H.Pruse,M.Valafar,and K.Butler.Detecting co-residency with active traffic
analysis techniques.In Proceedings of the 2012ACM Workshop on Cloud Computing
Security Workshop, pages 1-12.ACM, 2012.) based on staying multiplexing of the virtual machine to physical platform network interface card
Bring network packet delay problem, which is proposed with digital watermark (Co-Residency Watermarking) is stayed, detects same stay.
Zhang et al. (Y.Zhang, A.Juels, A.Oprea, and M.K.Reiter.Homealone:Coresidency
detection in the cloud via side-channel analysis.In Proceedings of the
2011IEEE Symposium on Security and Privacy,pages 313–328.IEEE Computer
Society, 2011.) propose that the HomeAlone technology based on Cache, the technology arrange not make by monitoring friendly virtual machines
The service condition in a certain particular cache region is to determine whether have other virtual machines to cache using this region, and then reach
Detection is the same as the purpose stayed.Meanwhile also there are many based on afterbody caching it is same stay detection method, such as Flush-reload and
The methods of Prime-probe can detect same stay by detecting the occupancy to afterbody shared buffer memory.In addition, Wu et al.
(Z.Wu,Z.Xu,and H.Wang.Whispers in the hyper-space:Highspeed covert channel
Attacks in the cloud.In USENIX Security symposium, pages 159-173,2012.) propose
What bus was seized based on memory is same in detection method, and this method is not only limited to the physical structure containing same CPU, for more
The physical structure of CPU is equally applicable.
Although having much for virtual machine with the research for staying detection, the research for deploying virtual machine strategy is not
Very much, for the research of PaaS mysorethorn example deployment strategy with regard to less.Varadarajan et al. (Varadarajan, V.,
Zhang,Y.,Ristenpart,T.,and Swift,M.A placement vulnerability study in multi-
Tenant public clouds.In Proceedings of USENIX Security, 2015.) have studied three it is publicly-owned
It is same in loophole on IaaS cloud platform EC2, GCE and Microsoft Azure, also have and simply refers on Heroku PaaS cloud
The same of example stays problem, but does not conduct further research.Zhang in 2014 et al. (Y.Zhang, A.Juels,
M.K.Reiter,and T.Ristenpart.Cross-tenant side-channel attacks in PaaS
clouds.In Proceedings of the 2014 ACM SIGSAC Conference on Computer and
Communications Security, pages 990-1003.ACM, 2014.) illustrated with DotCloud and OpenShift
Reaching in PaaS public cloud with staying not is to be difficult, but it is how to be realized using side channel method that it, which is mainly studied a little,
Attack between PaaS cloud tenant, while providing specific attack instance, there is no to how on PaaS cloud quickly and target
Reach and is analyzed with the problem of staying.
Since cloud service is charged on demand, and reach with generally requiring to start a large amount of example during staying, this will
Bring the expense on time and money.Therefore, with staying how to shorten required time in the process, save the cost is to need to consider
One of an important factor for.Variable You Yun supplier, application involved in example deployment process type (such as Python,
Java, PHP etc.), example starting time, example quantity, data area etc., these factors are likely to causing shadow with staying probability
It rings.Sufficiently investigating these variables to under the premise of in impact probability, example deployment strategy that can be certain by setting be mentioned
It is high same in probability, save the expense of time and money.
Summary of the invention
It is an object of the invention to provide a kind of deployment strategy of example for the PaaS cloud based on container, which can
The probability reached between example with staying is effectively improved, shortening reaches with required time is stayed, and reduces expense.
" example " generally refers to virtual machine in IaaS cloud service, and the present invention borrows the definition of IaaS cloud service herein,
The service unit that PaaS cloud is referred to it refers generally to service provider and is supplied to the software operation of user, deployed environment,
A such as container.
The technical solution adopted by the invention is as follows:
A kind of same method of example deployment in probability of height towards PaaS cloud environment, step include:
1) at least one (one or more) object instance is created or selected on PaaS cloud;
2) in the certain time interval (shorter time interval) after object instance creates or is selected, quick start
Belong to the example (for the ease of distinguishing, detection example is referred to after this certain embodiments) of same application type with object instance;
3) it carries out finding out with object instance with detection is stayed with the detection example stayed after detection example starting.
In above procedure, as long as thering is a detection example and an object instance to reach with staying, even if with completion in process.
If object instance be it is user controllable, user can increase detection by suitably increasing object instance quantity
Example and object instance reach with the probability stayed;If object instance is that user is uncontrollable but external offer service, backstage
Often there is the setting of load balancing, the quantity of meeting adjust automatically example comes balancing requests pressure, example when workflow variation
Such as, object instance is a Web server, and user can promote the creation of new object instance by increasing network request.
If object instance be it is user controllable, user can control object instance and detection example creation time between
Every;If object instance is that user is uncontrollable, i.e., user is increased by way of the above-mentioned creation for promoting fresh target example
The number of object instance then can equally hold the time interval of detection example and object instance creation.
When the time interval that detection example and object instance create is shorter, it is easier to reach same and stay.
It is stayed in detection example and the application type phase of object instance at the same time it is easier to reach same with object instance.
It is above-mentioned same in detection process, detection example and object instance can be tested one by one whether with staying, until detecting together
Until staying.
In addition, the detection method with use in detection is as follows:
It is realized with detection is stayed based on seizing for shared physical resource, principle is built between two detected examples
Be based on the side channel of rambus.If two examples A and B are with staying, when the program for running committed memory bus in example A
When, process will be affected to the access speed of memory in example B;, whereas if two example A and B differences are stayed, then A is
No operation bus occupies process and the speed of B access memory will not be impacted.
Beneficial effects of the present invention:
In recent years, cloud computing development was more more and more universal, and the user on cloud is also more and more, and multiple tenants share Cloud Server
The phenomenon that be inevitable, thus with stay problem also have been to be concerned by more and more people.During with staying, the deployment of example
Link be it is critically important, it, which decides, reaches with the speed and cost stayed, it might even be possible to decide whether to reach with staying.
Traditional example deployment scheme is exactly a large amount of deployment examples, has then detected whether that example reaches same two-by-two one by one
It stays.And the present invention is in abundant research and under the premise of test the PaaS cloud characteristic based on container, in conjunction with exemplary application type, example
The variables such as deployment time and example quantity propose a kind of high with the example deployment method for staying probability.This method can effectively improve inspection
It surveys example and object instance reaches with the probability stayed, shorten the time reached with staying, save the cost.
Detailed description of the invention
Fig. 1 is the method for the present invention flow chart;
Fig. 2 is in the present invention in overhaul flow chart;
Fig. 3 is one flow chart of the embodiment of the present invention;
Fig. 4 is two flow chart of the embodiment of the present invention.
Specific embodiment
The present invention is explained in further detail with reference to the accompanying drawing.
The method of the present invention process is as shown in Figure 1.Firstly, creation or selected target example, object instance on PaaS cloud
It can be by user's control, it is also possible to which not by user's control, but user knows their application type.Object instance can be with
There is one or more.
When object instance increases, it will increase detection example and reach with it with the probability stayed.When object instance is to use
When family is controllable, user can be improved by increasing the number of object instance with the probability stayed naturally;When object instance not
When being user controllable, it is contemplated that promoting the increase of object instance using other methods, specific we are given below two
It is described in embodiment.
When detection example is identical with the application type of object instance, the two, which more easily reachs, is stayed together, this is because we
It was found that the container of same type is often from the same container image starting, to save carrying cost.Therefore the detection of starting is real
Example will be consistent with the application type of object instance.
Finally, need to detect detection example one by one after having created detection example and whether object instance stays together, it is same to stay
Detecting step is as shown in Figure 2:
The side channel of bus is established between two processes Sender and Receiver based on memory, the operation of the two processes
In different examples.Sender process can occupy bus by being continually performed the atomic operation across cache lines, in this way when
When with other examples access memory stayed, it will be interfered to the access speed of memory.Receiver process is used to survey
The time of examination access memory.
In order to effectively detect same stay, it would be desirable to selected with the threshold value Threshold for staying detection first.For
The selection of Threshold, in the case where no Sender process is interfered, operation Receiver process internally deposits into row to user first
Repeatedly access, obtains an internal storage access average time T1.Then it is run simultaneously when Sender process is run
Receiver process carries out internally depositing into row repeatedly access, obtains with internal storage access average time T under the state of staying2.In conjunction with this two
A value (i.e. T1And T2) and concrete scheme implement that (such as being lower than 5% with rate of failing to report is stayed) is required to choose suitable Threshold.
The access of memory can please be corresponded to when using the present invention according to the actual situation there are many implementation
The test of Threshold.Sender process can be run in selected detection example in detection process same, while testing mesh
The time of Receiver process access memory in example is marked, repeatedly test obtains mean value T.Two are thought if T > Threshold
Person is same to stay;Conversely, the two difference is stayed.
Following will be combined with the drawings in the embodiments of the present invention, provides two specific embodiments.It is understood that described
Embodiment be only a part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, ability
Field technique personnel every other embodiment obtained without making creative work belongs to what the present invention protected
Range.
Embodiment one:
Single user's (or between two partner users) wishes that PaaS mysorethorn example can be same to meet specific calculating demand
It resides in same physical machine, tenant does not require the type of application specifically.In this case, reality of the invention is utilized
Example dispositions method can be easily found with a pair of or multiple example stayed.
By taking PaaS cloud OpenShift as an example, after the object instance for creating multiple Java types, tenant can be short
Java type detection example is created in time interval (within 2 hours), then whether detects detection example and object instance one by one
It is same to stay, until reaching with object instance with staying.
User can choose Threshold first, and for differentiating, whether two examples are same to be stayed.In isolated operation Receiver journey
When sequence, the average time T of test access memory1;When Sender and Receiver program is run simultaneously, test is visited
Ask the average time T of memory2.Suitable Threshold is chosen according to the two values.
With before starting in detection, side channel test the program Receiver and Sender of bus are mentioned based on memory
Before be deployed in two detected examples, as shown in Figure 3.Detection example and object instance are all that tenant can in the present embodiment
Control, thus user can also be with the beginning and end of autonomous control test program.It is tested while the operation of Sender process
Receiver process accesses the average time T of memory, if T > Threshold, then it is assumed that two detected examples are same to stay.
We test with the influence in probability object instance quantity on PaaS public cloud OpenShift.?
It will test the number that example is fixed as 30 and then variation targets example in our test, every group of test result is ten tests
Average value, the results are shown in Table 1:
1. object instance quantity of table is to the same as the influence for staying probability
| Object instance number | 1 | 10 | 20 | 30 |
| With in probability | 0.2 | 0.6 | 1 | 1 |
It will increase as it can be seen that increasing with object instance, detection example and object instance reach with the probability stayed.
In addition, we equally test for application type to the influence for staying probability.First on OpenShift
Start an object instance, then start detection example one by one, until thering is detection example and object instance to reach with staying.It is right
Take the average value of ten tests respectively the case where detection example and object instance are same application type and different application type,
The results are shown in Table 1:
2. application type of table is to the same as the influence stayed
| Classification | Mean value | Minimum value | Maximum value |
| Same application type | 26.1 | 11 | 37 |
| Different application type | 65.4 | 23 | 119 |
As it can be seen that required detection example number is obvious when detection example and object instance are application types of the same race
When less than detection example and object instance being different application type, this detection example for demonstrating same application type be easier and
Object instance reaches with the conclusion stayed.
Equally, for the time interval of example starting to the influence in probability, test is had also been made in we.The target of test
Example and detection example are same application type and are 20, and every group of test takes the average value of ten tests, as shown in table 3:
The time interval of 3. example of table starting is to the same as the influence for staying probability
| Time interval (hour) | 0 | 1 | 2 | 4 | 8 | 16 | 32 |
| With in probability | 1 | 1 | 0.9 | 0.4 | 1 | 0.6 | 0.3 |
Available from test result, when time interval is small less than 2, with staying, the probability of success is bigger, test
As a result also more stable.
To sum up, it is seen that the present invention can be effectively improved in probability.
Finally, we and PaaS mysorethorn example are in the selection of server in order to sufficiently prove beneficial effects of the present invention
Situation under completely random state compares.In the case where random, it is assumed that have in some data area of OpenShift
1000 servers (certainly, under normal circumstances all can be more than this number), it is assumed that object instance has 20 and is dispersed in difference
20 servers on the case where (such case be also with highest in probability), it is assumed that detection example has 20, then detection example
Reach with object instance with the probability stayed are as follows:
1-(1-20/1000)^20≈0.332
In our test process, once reach 1 with probability is stayed, this has absolutely proved that the present invention can be largely
Upper raising is the same as in probability.
Embodiment two:
In fact, user is no permission control object instance under normal conditions.If user A is flat in PaaS cloud
Object instance is deployed on platform, which, which externally provides, services and open load balancing;Another partner user B is uncommon
It hopes through deployment examples, the example of oneself and the example of user A is resided in same physical machine together.In this case, this hair
It is bright that the example of party A-subscriber and party B-subscriber also can quickly be helped to reach in (Fig. 4).
Equally by taking PaaS cloud OpenShift as an example, it is assumed that user A deploys Java type object instance in advance, the example
Network service is externally provided and achievees the purpose that load balancing by extending example automatically.User B not can control use at this time
The object instance of family A, and the network service of object instance can only be used.
By initiating the request of big webpage to object instance, (webpage size caches user B greater than afterbody, guarantees target
Web server in example needs to access memory) and the variation of request processing time is compared to judge that detection example and target are real
Whether example is same to be stayed.In this case, the service processes of Web server play the role of Receiver process.
Selection for Threshold, user B on OpenShift by oneself applying for reality identical with object instance
Example simultaneously disposes identical Web server to determine.User B first initiates big web-page requests to the network server oneself disposed,
Record request processing average time T1;Then user B runs Sender in the example where the network server that oneself is disposed
Process, the average time T that test network server handles request again2.It is suitable to be chosen according to the two values
Threshold。
User B is directed to the network request amount of the object instance of user A by increasing, and user A is promoted to create more targets
Example.And then user B creates the detection example of Java type, and by the side channel test program Sender of bus based on memory
It is deployed in detection example.User B runs Sender process in detection example later, while testing the object instance of user A
It is compared to the average handling time T of network request, and with Threshold.If T > Threshold, detection can be concluded that
Example reaches same with object instance and stays.
Claims (7)
1. a kind of height towards PaaS cloud environment is the same as the method for example deployment in probability, which comprises the following steps:
1) at least one object instance is created or selected on PaaS cloud;
2) in the certain time interval after object instance creates or is selected, quick start and object instance belong to identical answer
With the example of type, i.e. detection example;
3) it carries out finding out with object instance with detection is stayed with the detection example stayed after detection example starting;
It is described to be realized based on seizing for shared physical resource with staying detection, judge two examples A and B whether with the method stayed
It is: if process is affected to the access speed of memory in example B when running the program of committed memory bus in example A,
Then two examples A and B are same stays;If whether example A, which runs bus occupancy process, is not caused shadow for the speed of B access memory
It rings, then two example A and B differences are stayed;
The side channel of bus is established between two processes Sender and Receiver based on memory, and wherein Sender process passes through
The atomic operation across cache lines is continually performed to occupy bus, Receiver process is used to test the time of access memory;Into
Row is the same as when in detection, it is first determined with the threshold value Threshold for staying detection, then runs Sender in selected detection example
Process, while Receiver process accesses the time of memory in test target example, repeatedly test obtains mean value T, if T >
Threshold then thinks the two with staying, and otherwise the two difference is stayed;
The determination method of the threshold value Threshold are as follows: run Receiver process in the case where no Sender is interfered first
Row repeatedly access is internally deposited into, an internal storage access average time T is obtained1;Then when Sender process is run simultaneously
Operation Receiver process carries out internally depositing into row repeatedly access, obtains with internal storage access average time T under the state of staying2;In conjunction with
T1、T2Implement to require with concrete scheme to choose suitable Threshold.
2. the method as described in claim 1, which is characterized in that it is real that step 1) increases detection by increasing object instance quantity
Example and object instance reach with the probability stayed.
3. method according to claim 2, which is characterized in that if object instance be it is user controllable, user passes through suitable
When increase object instance quantity reaches to increase detection example and object instance with the probability stayed;If object instance be user not
Controllable but external offer service is then arranged using the load balancing on its backstage, increases it automatically by increasing its workflow
The quantity of example, to promote the creation of new object instance.
4. the method as described in claim 1, which is characterized in that step 3) is with staying in detection process, and test detection is real one by one
Whether example and object instance are same to be stayed, until detecting with staying.
5. the method as described in claim 1, which is characterized in that between the detection example and the time of object instance creation
It is every shorter, then easier to reach with staying.
6. method as claimed in claim 1 or 5, which is characterized in that the time interval is 2 hours.
7. the method as described in claim 1, which is characterized in that the application type phase of the detection example and the object instance
Meanwhile easily reaching same stay.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611078449.5A CN106850732B (en) | 2016-11-29 | 2016-11-29 | A kind of same method of example deployment in probability of height towards PaaS cloud environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611078449.5A CN106850732B (en) | 2016-11-29 | 2016-11-29 | A kind of same method of example deployment in probability of height towards PaaS cloud environment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106850732A CN106850732A (en) | 2017-06-13 |
| CN106850732B true CN106850732B (en) | 2019-08-23 |
Family
ID=59146111
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611078449.5A Active CN106850732B (en) | 2016-11-29 | 2016-11-29 | A kind of same method of example deployment in probability of height towards PaaS cloud environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106850732B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107622199B (en) * | 2017-09-21 | 2019-12-17 | 中国科学院信息工程研究所 | Channel attack defense method and device for Flush-Reload cache side in cloud environment |
| CN109728921B (en) * | 2017-10-27 | 2021-12-03 | 华为技术有限公司 | Management, maintenance and control method of virtual network element and related device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102571746A (en) * | 2011-11-23 | 2012-07-11 | 西安交通大学 | Virtual machine deployment method oriented to side channel attack defense of cloud computation environment |
| CN104009885A (en) * | 2014-05-22 | 2014-08-27 | 北京大学 | Virtual machine simultaneous-locating detection method based on hidden channel under cloud environment |
| CN105938437A (en) * | 2016-05-30 | 2016-09-14 | 北京大学 | Co-residency-resistant virtual machine deployment method in cloud environment |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9418024B2 (en) * | 2013-09-27 | 2016-08-16 | Intel Corporation | Apparatus and method for efficient handling of critical chunks |
-
2016
- 2016-11-29 CN CN201611078449.5A patent/CN106850732B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102571746A (en) * | 2011-11-23 | 2012-07-11 | 西安交通大学 | Virtual machine deployment method oriented to side channel attack defense of cloud computation environment |
| CN104009885A (en) * | 2014-05-22 | 2014-08-27 | 北京大学 | Virtual machine simultaneous-locating detection method based on hidden channel under cloud environment |
| CN105938437A (en) * | 2016-05-30 | 2016-09-14 | 北京大学 | Co-residency-resistant virtual machine deployment method in cloud environment |
Non-Patent Citations (1)
| Title |
|---|
| 云计算环境中的虚拟机同驻安全问题综述;沈晴霓,李卿;《集成技术》;20150930;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106850732A (en) | 2017-06-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Wang et al. | Peeking behind the curtains of serverless platforms | |
| US10860444B2 (en) | Seamless mobility for kubernetes based stateful pods using moving target defense | |
| US20200120082A1 (en) | Techniques for securing credentials used by functions | |
| US20180309787A1 (en) | Deploying deception campaigns using communication breadcrumbs | |
| CN107395659A (en) | A kind of method and device of service handling and common recognition | |
| CN110035079A (en) | A kind of honey jar generation method, device and equipment | |
| US10896059B2 (en) | Dynamically allocating cache in a multi-tenant processing infrastructure | |
| CN104009885B (en) | The virtual machine based on convert channel is the same as staying detection method under a kind of cloud environment | |
| US11429450B2 (en) | Aggregated virtualized compute accelerators for assignment of compute kernels | |
| CN104994183B (en) | Short network address determines method and apparatus | |
| JP6859518B2 (en) | How to prevent attacks on servers and devices | |
| Chhabra et al. | Dynamic data leakage detection model based approach for MapReduce computational security in cloud | |
| CN109218280A (en) | Implement micro- partition strategy of the physics and virtual application component in data center | |
| CN106850732B (en) | A kind of same method of example deployment in probability of height towards PaaS cloud environment | |
| CN104008038B (en) | The evaluating method and device of software | |
| Ghosh et al. | Caching techniques to improve latency in serverless architectures | |
| CN106845215A (en) | Based on safety protecting method and device under virtualized environment | |
| CN114338051B (en) | Method, device, equipment and medium for acquiring random number by block chain | |
| Liao et al. | Last-hdfs: Location-aware storage technique for hadoop distributed file system | |
| CN106844004B (en) | Security protection method and system based on virtualization environment | |
| CN110535862A (en) | A kind of flow rate testing methods, system, device and computer readable storage medium | |
| CN113794731B (en) | Method, device, equipment and medium for identifying CDN (content delivery network) -based traffic masquerading attack | |
| ElBanna et al. | NONYM! ZER: mitigation framework for browser fingerprinting | |
| Schmieders et al. | Architectural runtime models for privacy checks of cloud applications | |
| CN114595457A (en) | Task processing method and device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |