针对云计算的服务模式屏蔽了云租户的物理硬件视图,不可信的云服务提供商(cloud service provider,CSP)可能利用廉价的硬盘资源通过虚拟化技术,违背服务等级协议约定(service level agreement,SLA)按物理内存定价标准为云租户提供服务这一问题,为了审计CSP提供内存服务的SLA合约性,提出了由Xen层到物理硬件层的内存轻量级测量的SLA合约性审计方案.同时引入可信启动机制和HyperSentry用于保证审计系统的可信启动和完整性运行,提出了带云租户签名机制的Diffie-Hellman密钥交换协议支持策略安全和可信告警.实验结果表明,在虚拟机运行环境下该方法能高效地进行内存SLA合约性审计,同时具有较高的云租户自定义策略扩展性和较低的性能开销.%Cloud service style has shield physical hardware view to cloud tenant,thus untrusted CSP (cloud service provider) may replace expensive physical memory by cheaper hard disk resource,which violates the SLA.Therefore,in order to audit memory SLA of cloud,a novel scheme for auditing physical memory of VM was proposed.This scheme is based on light-weight memory measurement SLA auditing by Xen layer to physical layer.Meanwhile,trust boot mechanism and HyperSentry module to ensure trust boot and integrity guarantee at running time were introduced.Then,digital signatures-based Diffie-Hellman key exchange protocol was also proposed to support strategy security exchange and trust alarm.The experimental results indicate that the proposed module can effectively audit VM memory SLA,and also support strong expansibility of cloud tenant customize strategy with low overhead.
展开▼
