CN107689892A - Virtual machine placement strategy selection device, co-residency attack defense method, and virtual machine deployment method and device - Google Patents


Publication number
CN107689892A
Authority
CN
China
Prior art keywords
virtual machine
strategy
placement strategy
resource
random number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710819146.2A
Other languages
Chinese (zh)
Other versions
CN107689892B (en)
Inventor
霍树民
张淼
刘文彦
季新生
刘彩霞
扈红超
陈福才
王亚文
程国振
梁浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PLA Information Engineering University
Original Assignee
PLA Information Engineering University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PLA Information Engineering University
Priority to CN201710819146.2A
Publication of CN107689892A
Application granted
Publication of CN107689892B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0893 Assignment of logical groups to network elements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45562 Creating, deleting, cloning virtual machine instances
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Abstract

The present invention relates to a virtual machine placement strategy selection device, a co-residency attack defense method, and a virtual machine deployment method and device. The virtual machine placement strategy selection device includes: a strategy resource pool, which holds all optional virtual machine placement strategies; a random number generator, which generates the random number that the strategy selection module uses to choose a virtual machine placement strategy; and a strategy selection module, which, according to the random number provided by the random number generator and the load information of all servers, dynamically and randomly selects from the strategy resource pool the virtual machine placement strategy for the current virtual machine resource allocation request. By using the load information of all servers to choose the virtual machine placement strategy dynamically, the invention addresses the problem that conventional methods are easily predicted by malicious users. The ratio information of the servers is easy to calculate, the computation it introduces is negligible, and computational complexity is greatly reduced, which gives the invention strong practical value. It also offers important guidance for the security of shared resources.

Description

Virtual machine placement strategy selection device, co-residency attack defense method, and virtual machine deployment method and device
Technical field
The invention belongs to the technical field of network security, and in particular relates to a virtual machine placement strategy selection device, a co-residency attack defense method, and a virtual machine deployment method and device.
Background
Cloud computing platforms share computing resources through virtualization technology, changing the original computing model. This improves the utilization, flexibility and availability of hardware resources, and cloud computing has been widely adopted in many fields, such as government affairs, medical care, health, education, finance and national defense. Virtualization technology abstracts the underlying physical resources and can allocate resources dynamically according to user demand, which not only increases computing capability but can also reduce energy consumption. To maximize the efficiency of the underlying physical platform in a cloud computing environment, virtual machines of different users usually need to run on the same server, logically isolated from each other while sharing the underlying physical resources.
The resources that a cloud computing platform manages in a unified way are not limited by region, type or architecture, and its openness and resource availability are unmatched by any earlier computing model. However, while this resource-sharing model improves resource utilization, it also offers convenience to attackers. For example, by co-residing with a target virtual machine on the same hardware server, a malicious user's virtual machine can then bypass the logical isolation mechanism between virtual machines by establishing a side channel and obtain sensitive information on the target virtual machine. Experiments by Varadarajan et al. show that even in cloud environments that are widely used and relatively mature, such as Amazon EC2, Google GCE and Microsoft Azure, the probability that an attacker achieves co-residency is quite high, which is a great potential security hazard. Because the virtual machine placement methods these vendors use are mostly fixed, single and static, a malicious user can, after probing for a certain time, infer the scheduling mechanism in these methods, and an attacker can predict in advance the position that the cloud computing system allocates to the target virtual machine, greatly increasing the likelihood of a successful attack. Once a cloud computing service provider cannot guarantee the privacy and integrity of data, it loses the basic trust of users, and the development of cloud computing will be restricted. To resist virtual machine co-residency attacks in cloud computing platforms and ensure that the sensitive information of normal users is not leaked, research on random, diverse and dynamic virtual machine placement methods has important practical significance.
Summary of the invention
In view of the deficiencies of the prior art, the present invention provides a virtual machine placement strategy selection device, a co-residency attack defense method, and a virtual machine deployment method and device. Addressing the shortcomings of existing methods, which are fixed, single and static, and considering situations such as reverse inference of the scheduling algorithm and placement vulnerabilities, the invention dynamically selects the virtual machine placement strategy, which can effectively prevent virtual machine co-residency attacks in a cloud computing environment and ensure the security and reliability of shared resources.
According to the design provided by the present invention, a virtual machine placement strategy selection device comprises a strategy selection module, a strategy resource pool and a random number generator, wherein:
the strategy resource pool holds all optional virtual machine placement strategies;
the random number generator generates the random number that the strategy selection module uses to choose a virtual machine placement strategy;
the strategy selection module chooses from the strategy resource pool, according to the random number provided by the random number generator, the virtual machine placement strategy for the current virtual machine resource allocation request.
In the above, each virtual machine placement strategy in the strategy resource pool is assigned a number.
In the above, the random number generator follows a uniform distribution on the interval [0,1].
A co-residency attack defense method based on dynamic change of the virtual machine placement strategy, implemented on the above virtual machine placement strategy selection device, with an implementation process comprising the following:
A) For a virtual machine resource allocation request, classify all servers according to a preset load status threshold parameter set;
B) Count the number of servers in each class and calculate its ratio to the total number of servers; divide the interval [0,1] into several subintervals;
C) The random number generator uses a random function to generate a random number uniformly distributed on the interval [0,1], and the corresponding virtual machine placement strategy in the strategy resource pool is selected according to the random number as the virtual machine placement strategy for the current virtual machine resource allocation request;
D) According to the selected virtual machine placement strategy, obtain the server that will carry the virtual machine resource allocation request;
E) Update the load information of the corresponding server, and return to A) to wait to receive and process a new virtual machine resource allocation request.
Preferably, in A) the load status threshold parameter set is $T=\{t_1,t_2,\dots,t_M\}$, $j=1,2,\dots,M$, and the number M of parameters in T depends on the number of all optional virtual machine placement strategies.
Preferably, in A) the number of elements in T plus 2 is set equal to the number of optional virtual machine placement strategies, and servers whose load states fall in the same threshold interval are classified into one class.
Preferably, in A) $0, t_1, t_2, \dots, t_M, 1$ is set to be an arithmetic progression, $t_i = i/(M+1)$, $i=1,2,\dots,M$.
Preferably, B) comprises the following:
B1) The number of servers in each class is denoted $N_1, N_2, \dots, N_{M+2}$, and its ratio to the total number N is denoted $p_1, p_2, \dots, p_{M+2}$, where $p_l = N_l/N$, $l=1,2,\dots,M+2$;
B2), foundationThen there is M+2 section:
B3) According to the data in the M+2 intervals, the interval [0,1] is divided into M+2 different subintervals, denoted $Z_1, Z_2, \dots, Z_{M+2}$ respectively.
Further, selecting the corresponding virtual machine placement strategy in the strategy resource pool according to the random number in C) comprises: according to the interval $Z_l$, $l=1,2,\dots,M+2$, in which the random number lies, choosing the l-th virtual machine placement strategy of the strategy resource pool.
A virtual machine deployment method, comprising:
writing each strategy in the strategy resource pool into the scheduling component in the form of a filter and a weigher;
according to the user request parameters, the scheduling component uses the random number generated by the random number generator to select the corresponding filter and weigher for executing the scheduling algorithm;
according to the collected resource information of each physical node, the scheduling component filters the physical nodes with the filter, uses the weigher to give a weighted score to the available resources of the remaining physical nodes, and chooses a physical node as the node to be deployed according to the scores;
the scheduling component notifies the chosen node to deploy the virtual machine instance.
The user request parameters include at least: the number of virtual CPUs, memory size and disk space.
The weigher gives a weighted score to the available resources of the remaining physical nodes, and the physical node with the highest weighted score is chosen as the node to be deployed.
A virtual machine deployment device, comprising a placement strategy writing module, a parameter acquisition module, a placement strategy selection module, a node filtering module, a computing module and a deployment module, wherein:
the placement strategy writing module writes each strategy in the strategy resource pool into the scheduling component in the form of a filter and a weigher;
the parameter acquisition module obtains the user request parameters and passes them to the scheduling component;
in the placement strategy selection module, the scheduling component selects, according to the user request parameters and using the random number generated by the random number generator, the corresponding filter and weigher for executing the scheduling algorithm;
the node filtering module collects the system information of each physical node and periodically reports the available resources of the physical nodes, and the scheduling component filters the physical nodes with the filter according to the resource availability information;
in the computing module, the scheduling component uses the weigher to give a weighted score to the available resources of the physical nodes remaining after filtering, and chooses a physical node as the node to be deployed according to the scores;
in the deployment module, the scheduling component notifies the chosen node to deploy the virtual machine instance.
Beneficial effects of the present invention:
The present invention uses the load information of all servers to choose the virtual machine placement strategy dynamically, which addresses the problem that conventional methods, being fixed, static and single, allow a malicious user to predict the placement strategy in use. The ratio information of the servers is easy to calculate and the computation it introduces is negligible, which gives the invention strong practical value. It also offers important guidance for the security of shared resources.
Brief description of the drawings:
Fig. 1 is a schematic diagram of the virtual machine placement strategy selection device of the present invention;
Fig. 2 is a schematic flow chart of the co-residency attack defense method of the present invention;
Fig. 3 is a schematic flow chart of the virtual machine deployment method of the present invention;
Fig. 4 is a schematic diagram of the virtual machine deployment device of the present invention;
Fig. 5 is a flow chart of the co-residency attack defense method based on dynamic virtual machine placement strategy in the embodiment;
Fig. 6 is a flow chart of placement strategy pool construction and the placement strategy selection method in the embodiment;
Fig. 7 is a block diagram of the OpenStack-based implementation of the co-residency attack defense method based on dynamic virtual machine placement strategy in the embodiment.
Embodiments:
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and technical solutions.
Cloud computing platforms share computing resources through virtualization technology. The resources that a cloud computing platform manages in a unified way are not limited by region, type or architecture, and its openness and resource availability are unmatched by any earlier computing model. However, while this resource-sharing model improves resource utilization, it also offers convenience to attackers. The virtual machine placement methods that existing vendors use are mostly fixed, single and static; a malicious user can, after probing for a certain time, infer the scheduling mechanism in these methods, and an attacker can predict in advance the position that the cloud computing system allocates to the target virtual machine, greatly increasing the likelihood of a successful attack. In view of this, an embodiment of the invention provides a virtual machine placement strategy selection device, shown in Fig. 1, comprising a strategy selection module 101, a strategy resource pool 102 and a random number generator 103, wherein:
the strategy resource pool 101 holds all optional virtual machine placement strategies;
the random number generator 102 generates the random number that the strategy selection module uses to choose a virtual machine placement strategy;
the strategy selection module 103 chooses from the strategy resource pool, according to the random number provided by the random number generator, the virtual machine placement strategy for the current virtual machine resource allocation request.
All virtual machine placement strategies are combined into one strategy resource pool, which supports the diversification of placement strategies; the strategy selection module can dynamically select a strategy from the strategy resource pool.
For ease of calculation, each virtual machine placement strategy in the strategy resource pool is assigned a number.
In the above, the random number generator follows a uniform distribution on the interval [0,1].
Based on the above virtual machine placement strategy selection device, an embodiment of the invention also provides a co-residency attack defense method based on dynamic change of the virtual machine placement strategy, shown in Fig. 2, comprising the following:
001) For a virtual machine resource allocation request, classify all servers according to a preset load status threshold parameter set;
002) Count the number of servers in each class, calculate its ratio to the total number of servers, and use the calculated ratios to divide the interval [0,1] into several subintervals;
003) The random number generator uses a random function to generate a random number uniformly distributed on the interval [0,1], and the corresponding virtual machine placement strategy in the strategy resource pool is selected according to the random number as the virtual machine placement strategy for the current virtual machine resource allocation request;
004) According to the selected virtual machine placement strategy, obtain the server that will carry the virtual machine resource allocation request;
005) Update the load information of the corresponding server, and return to 001) to wait to receive and process a new virtual machine resource allocation request.
Preferably, in 001) the load status threshold parameter set is $T=\{t_1,t_2,\dots,t_M\}$, $j=1,2,\dots,M$, and the number M of parameters in T depends on the number of all optional virtual machine placement strategies.
Preferably, in 001) the number of elements in T plus 2 is set equal to the number of optional virtual machine placement strategies, and servers whose load states fall in the same threshold interval are classified into one class.
Preferably, in 001) $0, t_1, t_2, \dots, t_M, 1$ is set to be an arithmetic progression, $t_i = i/(M+1)$, $i=1,2,\dots,M$.
Preferably, 002) comprises the following:
B1) The number of servers in each class is denoted $N_1, N_2, \dots, N_{M+2}$, and its ratio to the total number N is denoted $p_1, p_2, \dots, p_{M+2}$, where $p_l = N_l/N$, $l=1,2,\dots,M+2$;
B2), foundationThen there is M+2 section:
B3) According to the data in the M+2 intervals, the interval [0,1] is divided into M+2 different subintervals, denoted $Z_1, Z_2, \dots, Z_{M+2}$ respectively.
Further, selecting the corresponding virtual machine placement strategy in the strategy resource pool according to the random number in 003) comprises: according to the interval $Z_l$, $l=1,2,\dots,M+2$, in which the random number lies, choosing the l-th virtual machine placement strategy of the strategy resource pool.
For convenience of description, some symbols are introduced first. Let the number of servers in the cloud computing environment be N, and denote the i-th server by $s_i$, $1 \le i \le N$. The load state of the i-th server is $b_i \in [0,1]$; in particular, $b_i = 0$ means the server is shut down or dormant, and $b_i = 1$ means the server is running at full load. The system load threshold parameter set is $T=\{t_1,t_2,\dots,t_M\}$, $j=1,2,\dots,M$, wherein, usually $M<N$, and T can remain fixed or be adjusted as needed. After a virtual machine resource allocation request is received, the following is run:
First step: according to T, [0,1] is completely divided into M+2 intervals: $\{0\}$, $(0,t_1]$, $(t_1,t_2]$, ..., $(t_M,1]$. In particular, the set $\{0\}$ represents the load state of servers that are dormant or shut down; when a server runs at full load and has no spare resources to accept a new virtual machine request, its load state is 1. Servers whose load states fall in the same interval are classified into one class, and the number of servers in each class is counted. For example, if $b_1 \in (t_1,t_2]$, $b_2 \in (t_M,1]$ and $b_3 \in (t_1,t_2]$, then $b_1$ and $b_3$ are classified into the third class and $b_2$ into the last class;
Second step: calculate the ratio of the number of servers in each class to the total number of servers N, and according to these ratios completely divide the interval [0,1] into M+2 intervals, denoted $Z_1, Z_2, \dots, Z_{M+2}$ respectively;
Third step: generate a random number k with a random number generator that follows a uniform distribution on the interval [0,1], and according to the subinterval $Z_l$ ($l=1,2,\dots,M+2$) in which it lies, choose the l-th virtual machine placement strategy in the placement strategy pool. The placement strategy pool contains at least M+2 different placement strategies, commonly including the round-robin scheduling strategy (select in turn each server that has enough remaining resources to carry the virtual machine resource allocation request), the most-virtual-machines scheduling strategy (choose the server that currently carries the most virtual machine resources and still has remaining resources to carry the new virtual machine resource allocation request), the least-virtual-machines scheduling strategy (choose the server that currently carries the fewest virtual machine resources), the random virtual machine allocation strategy (randomly choose a server with remaining resources to carry the new virtual machine resource allocation request), and so on;
Fourth step: according to the chosen virtual machine placement strategy, select the corresponding server $s_i$. Only the corresponding server needs to be determined here; the whole virtual machine resource allocation process does not have to be completed, and the specific virtual machine resource allocation operation can be completed by other service processes;
Fifth step: update the load information of all servers, and return to the first step to wait to receive, or to process from the buffer queue, a new virtual machine allocation request.
Using the load information of all servers to choose the virtual machine placement strategy dynamically addresses the shortcoming that conventional methods, being fixed, static and single, allow a malicious user to predict the placement strategy in use. It improves the security and reliability of shared resources and greatly reduces the computational cost of virtual machine deployment.
Based on the above, an embodiment of the present invention also proposes a virtual machine deployment method, shown in Fig. 3, comprising:
011) Each strategy in the strategy resource pool is written into the scheduling component in the form of a filter and a weigher;
012) According to the user request parameters, the scheduling component uses the random number generated by the random number generator to select the corresponding filter and weigher for executing the scheduling algorithm;
013) According to the collected resource information of each physical node, the scheduling component filters the physical nodes with the filter, uses the weigher to give a weighted score to the available resources of the remaining physical nodes, and chooses a physical node as the node to be deployed according to the scores;
014) The scheduling component notifies the chosen node to deploy the virtual machine instance.
The user request parameters include at least: the number of virtual CPUs, memory size and disk space.
The weigher gives a weighted score to the available resources of the remaining physical nodes, and the physical node with the highest weighted score is chosen as the node to be deployed.
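The deployment method in steps 011) to 014), as an added example that is not code from the patent or from OpenStack: each pool strategy is a numbered (filter, weigher) pair, and the same node state yields a different node depending on which strategy number the selection step hands over. The `Host` and `Request` fields, the three strategies, their weights and the node data are all assumptions constructed for this illustration.

```python
from dataclasses import dataclass


@dataclass
class Host:
    """Resource view of one physical node (hypothetical fields)."""
    name: str
    free_vcpus: int
    free_ram_mb: int
    free_disk_gb: int


@dataclass(frozen=True)
class Request:
    """User request parameters: vCPU count, memory size, disk space."""
    vcpus: int
    ram_mb: int
    disk_gb: int


class NoValidHost(Exception):
    """Raised when the filter leaves no node able to carry the request."""


def capacity_filter(host, req):
    """Filter: keep only nodes that can still hold the requested instance."""
    return (host.free_vcpus >= req.vcpus
            and host.free_ram_mb >= req.ram_mb
            and host.free_disk_gb >= req.disk_gb)


def normalise(values):
    """Scale raw values to [0, 1] so different resources can be summed."""
    lo, hi = min(values), max(values)
    return [0.0 if hi == lo else (v - lo) / (hi - lo) for v in values]


def make_weigher(w_cpu, w_ram, w_disk):
    """Weigher: weighted sum of the normalised free resources of each node.

    Positive weights favour the emptiest node, negative weights favour the
    fullest node that still passed the filter.
    """
    def weigh(hosts):
        cpu = normalise([h.free_vcpus for h in hosts])
        ram = normalise([h.free_ram_mb for h in hosts])
        disk = normalise([h.free_disk_gb for h in hosts])
        return [w_cpu * c + w_ram * r + w_disk * d
                for c, r, d in zip(cpu, ram, disk)]
    return weigh


# Step 011: the pool written as numbered (filter, weigher) pairs.
# These three strategies are constructed for the example.
STRATEGY_POOL = {
    1: (capacity_filter, make_weigher(1.0, 1.0, 1.0)),     # spread out
    2: (capacity_filter, make_weigher(-1.0, -1.0, -1.0)),  # pack tightly
    3: (capacity_filter, make_weigher(0.0, 1.0, 0.0)),     # most free RAM
}


def sample_hosts():
    """Constructed node inventory; a fresh copy on every call."""
    return [Host("node-a", 16, 32768, 500), Host("node-b", 4, 8192, 100),
            Host("node-c", 1, 1024, 20), Host("node-d", 8, 65536, 200)]


def deploy(hosts, req, strategy_no):
    """Steps 012-014 for one request; returns the name of the chosen node."""
    flt, weigher = STRATEGY_POOL[strategy_no]
    candidates = [h for h in hosts if flt(h, req)]
    if not candidates:
        raise NoValidHost(f"no node can carry {req}")
    scores = weigher(candidates)
    # Highest weighted score wins; on a tie the first candidate is kept.
    best = max(zip(scores, candidates), key=lambda pair: pair[0])[1]
    # Account for the placement so the next request sees the updated state.
    best.free_vcpus -= req.vcpus
    best.free_ram_mb -= req.ram_mb
    best.free_disk_gb -= req.disk_gb
    return best.name
```

With the constructed inventory, one 2-vCPU request lands on node-a, node-b or node-d depending only on the strategy number, which is the placement variation the method relies on.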
Based on above-mentioned virtual machine deployment method, embodiments of the invention also provide a kind of deploying virtual machine device, referring to Shown in Fig. 4, comprising:Placement Strategy writing module 201, parameter acquisition module 202, Placement Strategy choose module 203, node filtering Module 204, computing module 205 and deployment module 206, wherein,
Placement Strategy writing module 201, for will in Policies Resource pond it is each strategy in the form of filter and weighing apparatus Write in dispatching distribution component;
Parameter acquisition module 202, user obtain user's request parameter, user's request parameter are transmitted to dispatching distribution group Part;
Placement Strategy chooses module 203, and dispatching distribution component is given birth to according to user's request parameter and using random number generator Into random number selection be used to perform the filter and weighing apparatus of dispatching algorithm accordingly;
Node filtering module 204, collects each physical node system information and regular reporting physical node resource can utilize feelings Condition, dispatching distribution component are filtered according to resource available information by filter to physical node;
Computing module 205, dispatching distribution component are available to the resource of remaining physical node after filtering by weighing apparatus Situation is weighted marking, and choosing physical node according to scoring event is used as node to be disposed;
Deployment module 206, the node to be disposed that dispatching distribution component notice is chosen carry out virtual machine instance deployment.
5~7 couples of present invention are further explained explanation below in conjunction with the accompanying drawings:
Shown in Figure 5 coexists attack defending based on virtual machine Placement Strategy mobilism:
Step A01:Request, the load status threshold parameter that the system that is first according to has been set in advance are placed for new virtual machine Set T={ t1,t2,…,tM, j=1,2 ..., M, Servers-all is classified, the number of class by element number in T and It is fixed, and the number of parameter depends on the number of all optional virtual machine Placement Strategies in T, is normally set up the number of element in T Add 2 numbers for being equal to optional virtual machine Placement Strategy, load condition is classified as one kind, t in the server of same threshold interval1, t2,…,tMConcrete numerical value depend on the circumstances, such as setting 0, t1,t2,…,tM, 1 forms an arithmetic progression, then easily calculates To ti=i/ (M+1), i=1,2 ..., M.
Step A02:Calculate the server number that each class includes and (be designated as N respectively1, N2..., NM+2) with total number N ratio Value, and p is designated as respectively1,p2,…,pM+2, i.e. pl=Nl/ N, l=1,2 ..., M+2.Obviously haveIt can correspond in addition One group of M+2 section:This ratio Value can change with the change of each server load, have certain randomness, thus using these ratios by [0,1] area Between be divided into M+2 different subintervals, and be designated as Z respectively1,Z2,…,ZM+2
Step A03:The random number in [0, a 1] section is generated using equally distributed random function, according to random number The section Z at placel, l=1,2 ..., M+2 are so common by first three step to determine the Placement Strategy that will be used in next step Mobilism, randomization and the variation of virtual machine Placement Strategy are realized, now, can generally select l-th of strategy of resource pool As selected placement.
Step A04:According to selected Placement Strategy, the server of carrying resources of virtual machine request is calculated, other have The resources of virtual machine batch operation of body can allow special service processes to be handled.
Step A05:The load information of respective server is updated, waits resources of virtual machine distribution to be received or that processing is new please Ask, and re-executed from step A01.
Placed and asked according to virtual machine, Servers-all is classified according to default load status threshold, calculated Server count accounts for the ratio of all service node numbers included in each classification;Utilize the random number for being uniformly distributed random function generation Place section dynamic selects virtual machine Placement Strategy from Placement Strategy pond;And select phase according to selected virtual machine Placement Strategy The server answered, start specific resources of virtual machine batch operation, and update corresponding server load information, return and received according to new To virtual machine place request re-execute, realize virtual machine place dynamic, randomness and diversity, effectively resist cloud meter That calculates virtual machine in platform coexists attack, and guarantee user sensitive information is not revealed, and improves the security of shared resource.
Referring to Figure 6, construction of the virtual machine placement strategy pool and selection of the placement strategy:
Step B01: Combine all optional virtual machine placement strategies, such as round-robin (polling), most virtual machines, random and fewest virtual machines, into one strategy resource pool, and number each strategy. The resource pool contains at least M+2 placement strategies for the strategy selection module to use; if it contains more than M+2, M+2 of them can be selected dynamically for the strategy selection module. Combining all placement strategies into one strategy resource pool provides the basis for diversifying the placement strategy.
Step B02: Generate a random number using a random number generator that follows a uniform distribution on the interval [0,1]. If the random number falls in subinterval $Z_l$, the strategy selection module selects the l-th strategy in the strategy pool as the virtual machine placement strategy for this request.
The placement strategy pool holds multiple strategies for the strategy selection module to choose from dynamically. The strategy selection module uses the random number generator, uniformly distributed on [0,1], to choose a placement strategy dynamically and at random, so that the virtual machine placement strategy changes dynamically and coexistence attacks on virtual machines are effectively defended against.
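Steps A02 to A03 and B01 to B02 above, sketched in Python as an added example (it is not code from the patent): the per-class server counts become the subintervals $Z_l$, and the subinterval containing a uniform draw picks the strategy, with empty classes and the closed right end of [0,1] handled explicitly. The strategy order, the function names, the use of the OS CSPRNG as the uniform source and the entropy check are assumptions of this example; the counts are constructed and the classification of step A01 is taken as given.

```python
import bisect
import math
import secrets

# Strategy names follow step B01; their numbering (order) is an assumption.
STRATEGY_POOL = ["round_robin", "most_vms", "random", "fewest_vms"]  # M + 2 = 4

def subinterval_bounds(class_counts):
    """Step A02: right endpoints of Z_1..Z_{M+2}, built from p_l = N_l / N."""
    total = sum(class_counts)
    if total <= 0 or any(n < 0 for n in class_counts):
        raise ValueError("need non-negative counts and at least one server")
    bounds, running = [], 0
    for n in class_counts:
        running += n                      # integer running sum: no float drift,
        bounds.append(running / total)    # so the last endpoint is exactly 1.0
    return bounds

def select_index(bounds, r):
    """Steps A03/B02: 0-based index l of the half-open Z_l = [lo, hi) holding r."""
    if not 0.0 <= r <= 1.0:
        raise ValueError("r must lie in [0, 1]")
    if r == 1.0:
        # Closed right end of [0, 1]: assign it to the last non-empty class.
        return bisect.bisect_left(bounds, 1.0)
    # bisect_right skips zero-width intervals, so an empty class is never picked.
    return bisect.bisect_right(bounds, r)

def choose_strategy(class_counts, pool=STRATEGY_POOL, rng=None):
    """Pick the placement strategy for one request from the current load classes."""
    if len(class_counts) != len(pool):
        raise ValueError("one load class per pooled strategy is required")
    rng = rng or secrets.SystemRandom()   # assumption: OS CSPRNG as uniform source
    return pool[select_index(subinterval_bounds(class_counts), rng.random())]

def selection_entropy_bits(class_counts):
    """Shannon entropy of the strategy choice; 0.0 means it is fully predictable."""
    total = sum(class_counts)
    return sum(-(n / total) * math.log2(n / total) for n in class_counts if n)

if __name__ == "__main__":
    # Constructed load snapshots: servers per load class, N = 10 in each case.
    for counts in ([3, 2, 3, 2], [5, 0, 3, 2], [10, 0, 0, 0]):
        print(counts, subinterval_bounds(counts), choose_strategy(counts),
              f"entropy={selection_entropy_bits(counts):.2f} bits")
```

When every server sits in one load class the entropy is 0 bits and the same strategy is chosen for every request, so an operator may want to monitor this value alongside the load classes.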
Referring to Figure 7, the virtual machine deployment process based on OpenStack and the dynamic placement strategy:
Step C01: Write each strategy in the virtual machine placement strategy pool into the Nova-Scheduler component in the form of filters and weighers.
Step C02: The user sends a request to the Nova-Api component, applying to create a virtual machine instance that meets the user's requirements (including number of vCPUs, memory size, disk space, etc.).
Step C03: After receiving the request, the Nova-Api component sends a message to Nova-Scheduler via RabbitMQ. Nova-Scheduler then uses the virtual machine placement strategy selection method of Embodiment 2 to select the corresponding pre-deployed filter and weigher with which to run the scheduling algorithm.
Step C04: All Nova-Compute components periodically report resource availability, based on the system information of each physical node collected by the Hypervisor. Using the reported resource information, Nova-Scheduler first applies the corresponding filter to filter out physical nodes that do not meet the requirements, then uses the weigher to give the remaining physical nodes weighted scores according to their reported resource availability, and selects the highest-scoring physical node for instance placement.
After the physical node is selected, Nova-Scheduler sends a message via RabbitMQ to the Nova-Compute component on that physical node, notifying it to start deploying the virtual machine instance.
The virtual machine placement strategy pool is written into Nova-Scheduler in the form of filters and weighers, and Nova-Scheduler uses the placement strategy selection method above to select, dynamically and at random, the corresponding pre-deployed filter and weigher to execute. This addresses security problems such as information leakage that arise because existing cloud vendors use fixed, single and static virtual machine placement, and effectively resists coexistence attacks on virtual machines in cloud computing platforms. The dynamic, random and diversified virtual machine placement strategy greatly safeguards the security of shared resources in the network and is of significant guiding value for advancing network security technology.
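Steps C01 to C04 above as an added, self-contained Python sketch (it is not Nova code and not from the patent): each pooled strategy is a filter paired with a weigher, and scheduling filters the nodes, scores the survivors and places the instance on the top-scoring one. The `Host` and `Request` fields, the three weigher functions, the name-based tie-break and the constructed inventory are assumptions; the strategy name is assumed to come from the selection step of Embodiment 2.

```python
import random
from dataclasses import dataclass

@dataclass
class Host:
    """Constructed stand-in for the resource report of one physical node."""
    name: str
    free_vcpus: int
    free_ram_mb: int
    free_disk_gb: int
    num_vms: int = 0

@dataclass(frozen=True)
class Request:
    """User requirements from step C02."""
    vcpus: int
    ram_mb: int
    disk_gb: int

def capacity_filter(host, req):
    """Filter: keep only nodes that can hold the requested instance."""
    return (host.free_vcpus >= req.vcpus and host.free_ram_mb >= req.ram_mb
            and host.free_disk_gb >= req.disk_gb)

def build_pool(rng):
    """Step C01: each pooled strategy is a (filter, weigher) pair; high score wins."""
    return {
        "fewest_vms": (capacity_filter, lambda h: -h.num_vms),
        "most_vms": (capacity_filter, lambda h: h.num_vms),
        "random": (capacity_filter, lambda h: rng.random()),
    }

def schedule(hosts, req, strategy, pool):
    """Step C04: filter, weigh the survivors, place on the top-scoring node."""
    host_filter, weigher = pool[strategy]
    candidates = [h for h in hosts if host_filter(h, req)]
    if not candidates:
        return None                       # no node satisfies the request
    # Ties are broken by name so a given state always yields the same answer.
    best = max(candidates, key=lambda h: (weigher(h), h.name))
    best.free_vcpus -= req.vcpus          # update the node's load information
    best.free_ram_mb -= req.ram_mb
    best.free_disk_gb -= req.disk_gb
    best.num_vms += 1
    return best.name

def sample_hosts():
    """Constructed inventory; node-c is too small for the sample request."""
    return [Host("node-a", 8, 16384, 200, num_vms=3),
            Host("node-b", 8, 16384, 200, num_vms=1),
            Host("node-c", 1, 1024, 10, num_vms=0)]

if __name__ == "__main__":
    rng = random.Random()
    pool, req = build_pool(rng), Request(vcpus=2, ram_mb=4096, disk_gb=40)
    for name in ("fewest_vms", "most_vms", "random"):
        print(name, "->", schedule(sample_hosts(), req, name, pool))
```

With a single fixed strategy the same inventory state always yields the same node, which is the static behaviour the method replaces by drawing the strategy at random per request.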
The embodiments in this specification are described progressively; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments can be referred to each other. Because the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for the relevant parts, refer to the description of the method.
The units and method steps of each example described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above in general terms according to function. Whether these functions are performed in hardware or in software depends on the specific application and design constraints of the technical solution. Those of ordinary skill in the art may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.
Those of ordinary skill in the art will understand that all or some of the steps of the above method can be completed by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Alternatively, all or some of the steps of the above embodiments can be implemented using one or more integrated circuits; accordingly, each module/unit in the above embodiments can be implemented in the form of hardware or in the form of a software function module. The present invention is not limited to any particular combination of hardware and software.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the present application. Therefore, the present application is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A virtual machine placement strategy selection device, characterized by comprising: a strategy selection module, a strategy resource pool and a random number generator, wherein,
the strategy resource pool is used to hold all optional virtual machine placement strategies;
the random number generator is used to generate the random number with which the strategy selection module chooses a virtual machine placement strategy;
the strategy selection module is used to choose, according to the random number provided by the random number generator, a virtual machine placement strategy from the strategy resource pool as the placement strategy for the current virtual machine resource allocation request.
2. The virtual machine placement strategy selection device according to claim 1, characterized in that each virtual machine placement strategy in the strategy resource pool is assigned a reference number.
3. The virtual machine placement strategy selection device according to claim 1, characterized in that the random number generator follows a uniform distribution on the interval [0,1].
4. A coexistence attack defense method based on dynamic change of the virtual machine placement strategy, characterized in that it is implemented based on the virtual machine placement strategy selection device of claim 1, the implementation process comprising the following:
A) for a virtual machine resource allocation request, classifying all servers according to a preset set of load status threshold parameters;
B) counting the servers in each class and calculating the ratio of each count to the total number of servers; dividing the interval [0,1] into several subintervals;
C) generating, by the random number generator using a uniformly distributed random function, a random number in the interval [0,1], and selecting, according to the random number, the corresponding virtual machine placement strategy in the strategy resource pool as the placement strategy for the current virtual machine resource allocation request;
D) obtaining, according to the selected virtual machine placement strategy, the server that carries the virtual machine resource allocation request;
E) updating the load information of the corresponding server, and returning to A) to wait to receive and process a new virtual machine resource allocation request.
5. The coexistence attack defense method based on dynamic change of the virtual machine placement strategy according to claim 4, characterized in that in A) the load status threshold parameter set is $T = \{t_1, t_2, \ldots, t_M\}$, $j = 1, 2, \ldots, M$, and the number M of parameters in T depends on the number of all optional virtual machine placement strategies; further, preferably, in A) $0, t_1, t_2, \ldots, t_M, 1$ is set to be an arithmetic progression, $t_i = i/(M+1)$, $i = 1, 2, \ldots, M$.
6. The coexistence attack defense method based on dynamic change of the virtual machine placement strategy according to claim 5, characterized in that in A) the number of elements in T plus 2 is set equal to the number of optional virtual machine placement strategies, and servers whose load status lies in the same threshold interval are grouped into one class; further, B) comprises the following:
B1) the numbers of servers in the classes are denoted $N_1, N_2, \ldots, N_{M+2}$, and their ratios to the total number $N$ are denoted $p_1, p_2, \ldots, p_{M+2}$, where $p_l = N_l/N$, $l = 1, 2, \ldots, M+2$;
B2) according to Then there are M+2 intervals: $[0, p_1)$, $[p_1, p_1+p_2)$, ...,
B3) according to the data of the M+2 intervals, the interval [0,1] is divided into M+2 different subintervals, denoted $Z_1, Z_2, \ldots, Z_{M+2}$;
further, preferably, in C) selecting the corresponding virtual machine placement strategy in the strategy resource pool according to the random number comprises: according to the subinterval $Z_l$, $l = 1, 2, \ldots, M+2$, in which the random number lies, selecting the l-th virtual machine placement strategy of the strategy resource pool.
7. A virtual machine deployment method, characterized by comprising:
writing each strategy in the strategy resource pool into the scheduling and allocation component in the form of filters and weighers;
according to the user requirement parameters, the scheduling and allocation component using a random number generated by a random number generator to select the corresponding filter and weigher for executing the scheduling algorithm;
according to the collected resource information of each physical node, the scheduling and allocation component filtering the physical nodes with the filter, giving weighted scores to the resource availability of the remaining physical nodes with the weigher, and choosing a physical node as the node to be deployed according to the scores;
the scheduling and allocation component notifying the chosen node to be deployed to carry out virtual machine instance deployment.
8. The virtual machine deployment method according to claim 7, characterized in that the user requirement parameters comprise at least: number of virtual CPUs, memory size and disk space.
9. The virtual machine deployment method according to claim 7, characterized in that the weigher gives weighted scores to the resource availability of the remaining physical nodes, and the highest-scoring physical node is chosen as the node to be deployed according to the weighted scores.
10. A virtual machine deployment device, characterized by comprising: a placement strategy writing module, a parameter acquisition module, a placement strategy selection module, a node filtering module, a computing module and a deployment module, wherein,
the placement strategy writing module is used to write each strategy in the strategy resource pool into the scheduling and allocation component in the form of filters and weighers;
the parameter acquisition module is used to obtain the user requirement parameters and pass them to the scheduling and allocation component;
the placement strategy selection module: the scheduling and allocation component, according to the user requirement parameters and using a random number generated by the random number generator, selects the corresponding filter and weigher for executing the scheduling algorithm;
the node filtering module collects the system information of each physical node and periodically reports the resource availability of the physical nodes, and the scheduling and allocation component filters the physical nodes with the filter according to the resource availability information;
the computing module: the scheduling and allocation component uses the weigher to give weighted scores to the resource availability of the physical nodes remaining after filtering, and chooses a physical node as the node to be deployed according to the scores;
the deployment module: the scheduling and allocation component notifies the chosen node to be deployed to carry out virtual machine instance deployment.
CN201710819146.2A 2017-09-12 2017-09-12 Coexistence attack defense method Active CN107689892B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710819146.2A CN107689892B (en) 2017-09-12 2017-09-12 Coexistence attack defense method

Publications (2)

Publication Number Publication Date
CN107689892A true CN107689892A (en) 2018-02-13
CN107689892B CN107689892B (en) 2020-11-10

Family

ID=61156184

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710819146.2A Active CN107689892B (en) 2017-09-12 2017-09-12 Coexistence attack defense method

Country Status (1)

Country Link
CN (1) CN107689892B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant