基于马尔可夫模型的云系统安全性与性能建模

doi:10.11772/j.issn.1001-9081.2019020257

计算机应用 ›› 2019, Vol. 39 ›› Issue (11): 3304-3309.DOI: 10.11772/j.issn.1001-9081.2019020257

基于马尔可夫模型的云系统安全性与性能建模

许瀚, 罗亮, 孙鹏, 孟飒

电子科技大学计算机科学与工程学院, 成都 611731

收稿日期:2019-02-15 修回日期:2019-04-03 发布日期:2020-12-11 出版日期:2019-11-10
通讯作者: 许瀚
作者简介:许瀚(1990-),男,四川成都人,博士研究生,主要研究方向:云计算、系统建模;罗亮(1980-),男,陕西汉中人,讲师,博士,CCF会员,主要研究方向:云计算、能耗建模、系统建模;孙鹏(1979-),男,河南洛阳人,讲师,博士,主要研究方向:云计算、自主计算、智能调度;孟飒(1987-),女,河北保定人,博士研究生,主要研究方向:云计算、资源调度。
基金资助:
国家自然科学基金资助项目（61602094）。

Cloud system security and performance modeling based on Markov model

XU Han, LUO Liang, SUN Peng, MENG Sa

College of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu Sichuan 611731, China

Received:2019-02-15 Revised:2019-04-03 Online:2020-12-11 Published:2019-11-10
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61602094).

摘要/Abstract

摘要： 针对云环境缺乏安全性评估的问题，提出一种评估系统安全性的建模方法，并建立了云环境下的安全性-性能（S-P）关联模型。首先，针对云系统中最重要的组成部分，即虚拟机，建立了评估其安全性的模型，该模型充分反映了安全机制和恶意攻击两个安全因素对虚拟机的影响；随后基于虚拟机与云系统之间的关系，提出评估云系统安全性的指标；其次，提出一种分层建模方法来建立S-P关联模型。利用队列理论对云计算系统的性能进行建模，然后基于贝叶斯理论和相关分析建立了安全性和性能之间的关联关系，并提出评估复杂S-P相关性的新指标。实验结果验证了理论模型的正确性，并揭示了安全因素引起的性能动态变化规律。

关键词: 云计算, 安全性建模, 性能建模, 马尔可夫模型, 排队论

Abstract: Aiming at the lack of security assessment in cloud environment, a cloud-based security modeling method was proposed, and a Security-Performance (S-P) association model in cloud environment was established. Firstly, a model was constructed for virtual machines, the most important component of the cloud system, to evaluate its security. The model fully reflected the impact of security mechanisms and malicious attacks on virtual machines. Secondly, based on the relationship between virtual machine and cloud system, an indicator was proposed for assessing the security of the cloud system. Thirdly, a hierarchical modeling method was proposed to establish an S-P association model. Queuing theory was used to model the performance of cloud computing systems, and the relationship between security and performance was established based on Bayesian theory and association analysis, and a new index for evaluating the association of complex S-P was proposed. Experimental results verify the correctness of the theoretical model and reveal the dynamic change rule of performance caused by safety factors.

Key words: cloud computing, security modeling, performance modeling, Markov model, queuing theory

中图分类号:

TP309.2

许瀚, 罗亮, 孙鹏, 孟飒. 基于马尔可夫模型的云系统安全性与性能建模[J]. 计算机应用, 2019, 39(11): 3304-3309.

XU Han, LUO Liang, SUN Peng, MENG Sa. Cloud system security and performance modeling based on Markov model[J]. Journal of Computer Applications, 2019, 39(11): 3304-3309.

参考文献

[1] GONZALES D, KAPLAN J M, SALTZMAN E, et al. Cloud-trust-a security assessment model for Infrastructure as a Service (IaaS) clouds[J]. IEEE Transactions on Cloud Computing, 2017, 5(3):523-536.
[2] LIU L, WANG A, ZANG W, et al. Shuffler:mitigate cross-VM side-channel attacks via hypervisor scheduling[C]//Proceedings of the 2018 International Conference on Security and Privacy in Communication Systems, LNICST 254. Berlin:Springer, 2018:491-511.
[3] SCHWARTZ M J. New virtualization vulnerability allows escape to hypervisor attacks[J]. Information Week Security, 2012, 4(2013):12.
[4] SINGH N, SINGH A K. SQL-injection vulnerabilities resolving using valid security tool in cloud[J]. Pertanika Journal of Science & Technology, 2019, 27(1):159-174.
[5] LI P, LI J, HUANG Z, et al. Privacy-preserving outsourced classification in cloud computing[J]. Cluster Computing, 2018, 21(1):277-286.
[6] HWANG K, BAI X, SHI Y, et al. Cloud performance modeling with benchmark evaluation of elastic scaling strategies[J]. IEEE Transactions on Parallel and Distributed Systems, 2016, 27(1):130-143.
[7] CAO J, HWANG K, LI K, et al. Optimal multiserver configuration for profit maximization in cloud computing[J]. IEEE Transactions On Parallel and Distributed Systems, 2013, 24(6):1087-1096.
[8] HWANG K, SHI Y, BAI X. Scale-out vs. scale-up techniques for cloud performance and productivity[C]//Proceedings of the 2014 IEEE 6th International Conference on Cloud Computing Technology and Science. Piscataway:IEEE, 2014:763-768.
[9] ZAMAN S, ADAMS B, HASSAN A E. Security versus performance bugs:a case study on FireFox[C]//Proceedings of the 8th Working Conference on Mining Software Repositories. New York:ACM, 2011:93-102.
[10] BATISTA B G, FERREIRA C H G, SEGURA D C M, et al. A QoS-driven approach for cloud computing addressing attributes of performance and security[J]. Future Generation Computer Systems, 2017, 68:260-274.
[11] ALIA M, LACOSTE M, HE R, et al. Putting together QoS and security in autonomic pervasive systems[C]//Proceedings of the 6th ACM Workshop on QoS and Security for Wireless and Mobile Networks. New York:ACM, 2010:19-28.
[12] WANG Y, LIN C, LI Q. Performance analysis of email systems under three types of attacks[J]. Performance Evaluation, 2010, 67(6):485-499.
[13] LOMBARDI F, DI PIETRO R. Secure virtualization for cloud computing[J]. Journal of Network and Computer Applications, 2011, 34(4):1113-1122.
[14] ARSHAD J, TOWNEND P, XU J. Quantification of security for compute intensive workloads in clouds[C]//Proceedings of the 15th International Conference on Parallel and Distributed Systems. Piscstaway:IEEE, 2009:479-486.
[15] OZKAN S. CVE details:the ultimate security vulnerabiltiy data source[EB/OL].[2018-09-10]. https://www.cvedetails.com/cve/CVE-2007-4593/
[16] KREIDL O P. Analysis of a Markov decision process model for intrusion tolerance[C]//Proceedings of the 2010 International Conference on Dependable Systems and Networks Workshops (DSN-W). Piscstaway:IEEE, 2010:156-161.
[17] MADAN B B, GOGEVA-POPSTOJANOVA K, VAIDYANATHAN K, et al. Modeling and quantification of security attributes of software systems[C]//Proceedings of the 2002 International Conference on Dependable Systems and Networks. Piscstaway:IEEE, 2002:505-514.
[18] XU F, LIU F, JIN H. Heterogeneity and interference-aware virtual machine provisioning for predictable performance in the cloud[J]. IEEE Transactions on Computers, 2016, 65(8):2470-2483.
[19] ZHU Z, DONG S, YU C. A text hybrid clustering algorithm based on HowNet semantics[J]. Key Engineering Materials, 2011,474/475/476:2071-2078.

基于马尔可夫模型的云系统安全性与性能建模

Cloud system security and performance modeling based on Markov model

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	刘勇, 杨锟. 新能源汽车电池回收网点竞争选址模型及算法[J]. 《计算机应用》唯一官方网站, 2024, 44(2): 595-603.
[2]	陆佳行, 戴华, 刘源龙, 周倩, 杨庚. 面向云环境密文排序检索的字典划分向量空间模型[J]. 《计算机应用》唯一官方网站, 2023, 43(7): 1994-2000.
[3]	高昊, 张庆科, 卜降龙, 李俊青, 张化祥. 基于协同变异与莱维飞行策略的教与学优化算法及其应用[J]. 《计算机应用》唯一官方网站, 2023, 43(5): 1355-1364.
[4]	游坤, 王钦辉, 李鑫. 通用的多元抵制假名的云计算拍卖机制[J]. 《计算机应用》唯一官方网站, 2023, 43(11): 3351-3357.
[5]	孙京宇, 朱家玉, 田自强, 史国振, 关川江. 基于椭圆曲线加密且支持撤销的属性基加密方案[J]. 《计算机应用》唯一官方网站, 2022, 42(7): 2094-2103.
[6]	张金泉, 徐寿伟, 李信诚, 王重洋, 徐景芝. 基于正交自适应鲸鱼优化的云计算任务调度[J]. 《计算机应用》唯一官方网站, 2022, 42(5): 1516-1523.
[7]	陈家豪, 殷新春. 基于云雾计算的可追踪可撤销密文策略属性基加密方案[J]. 计算机应用, 2021, 41(6): 1611-1620.
[8]	葛丽娜, 胡雨谷, 张桂芬, 陈园园. 云计算环境基于客体属性匹配的逆向混合访问控制方案[J]. 计算机应用, 2021, 41(6): 1604-1610.
[9]	杨翎, 姜春茂. 基于三支决策的虚拟机节能迁移策略[J]. 计算机应用, 2021, 41(4): 990-998.
[10]	孙晓玲, 杨光, 沈焱萍, 杨秋格, 陈涛. 基于可拆分倒排索引的可搜索加密方案[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3288-3294.
[11]	吕佳玉, 竺智荣, 姚志强. 云计算环境下的双通道数据动态加密策略[J]. 计算机应用, 2020, 40(8): 2268-2273.
[12]	霍纬纲, 王慧芳. 基于自编码器和隐马尔可夫模型的时间序列异常检测方法[J]. 计算机应用, 2020, 40(5): 1329-1334.
[13]	郭曙杰, 李志华, 蔺凯青. 云环境下基于模糊隶属度的虚拟机放置算法[J]. 计算机应用, 2020, 40(5): 1374-1381.
[14]	陈程军, 毛莺池, 王绎超. 基于激活-熵的分层迭代剪枝策略的CNN模型压缩[J]. 计算机应用, 2020, 40(5): 1260-1265.
[15]	许英鑫, 孙磊, 赵建成, 郭松辉. 基于蚁群优化算法的虚拟现场可编程门阵列部署策略[J]. 计算机应用, 2020, 40(3): 747-752.