您的位置:山东大学 -> 科技期刊社 -> 《山东大学学报(理学版)》

山东大学学报(理学版) ›› 2017, Vol. 52 ›› Issue (3): 60-67.doi: 10.6040/j.issn.1671-9352.2.2016.105

• • 上一篇    下一篇

一种IaaS多租户环境下虚拟机软件更新服务机制

陈广瑞,陈兴蜀*,王毅桐,葛龙   

  1. 四川大学计算机学院, 四川 成都 610065
  • 收稿日期:2016-08-16 出版日期:2017-03-20 发布日期:2017-03-20
  • 通讯作者: 陈兴蜀(1968— ),女,博士,教授,研究方向为云计算安全、大数据安全、可信计算. E-mail:chenxsh@scu.edu.cn E-mail:greal_chen@qq.com
  • 作者简介:陈广瑞(1990— ),男,硕士研究生,研究方向为云计算安全、网络虚拟化. E-mail:greal_chen@qq.com
  • 基金资助:
    国家自然科学基金资助项目(61272447)

A software update mechanism for virtual machines in IaaS multi-tenant environment

CHEN Guang-rui, CHEN Xing-shu*, WANG Yi-tong, GE Long   

  1. College of Computer Science, Sichuan University, Sichuan 610065, Chengdu, China
  • Received:2016-08-16 Online:2017-03-20 Published:2017-03-20

PDF (PC)

502

摘要: 针对当前IaaS环境下虚拟机中软件版本不易管理以及软件更新不及时带来的安全问题,研究了一种适用于云计算环境下租户虚拟机应用软件更新和系统补丁升级的服务机制。首先,该机制建立了统一的管理框架,实现了软件和补丁的便捷管理;其次,该机制借助Linux网络命名空间的方式将更新服务接入到不同租户的虚拟网络,实现了不同租户的更新服务的灵活接入和安全隔离;最后,针对更新相同软件和补丁的批量虚拟机,采用可靠多播的方式进行软件和补丁分发,大大减小了网络流量,节省了网络资源。实验结果表明,该机制可以有效地提高软件和补丁的分发效率、节省网络资源、减小CPU的消耗,同时保证不同租户更新服务的隔离性。

关键词: 基础设施即服务, 云计算, 网络虚拟化, 补丁升级, 软件更新, 可靠多播

Abstract: To facilitate the management of software versions in Virtual Machines(VMs)in Infrastructure as a Service(IaaS)environment and reduce the potential security issue is introduced by outdated softwares, a software update mechanism was studied. Firstly, a unified management framework was proposed, and the update tasks are managed by platform instead of users themselves. And then, the mechanism accesses the update service to tenant network using Linux Network Namespace, and isolates the different tenants update services. Lastly, for the same update tasks, this mechanism distributes the software packages in reliable multicast way, which greatly reduces network traffics and saves network resources. The result showed that this mechanism could effectively improve the efficiency of software distribution, save the network resources, reduce the CPU consumption, and ensure the isolation of different tenants update services.

Key words: cloud computing, patch update, reliable multicast, network virtualization, software update, IaaS

中图分类号: 

  • TP393
[1] 中国国家标准化管理委员会. GB/T 31167-2014信息安全技术: 云计算服务安全指南[S].北京:中国标准出版社,2014. Standardization Administration of the Peoples Republic of China. GB/T 31167-2014 Information security technology-security guide of cloud computing service[S]. Beijing: Standards Press of China, 2014.
[2] 陈兴蜀,罗永刚,罗锋盈.《信息安全技术 云计算服务安全指南》解读与实施[M].北京:科学出版社,2015. CHEN Xingshu, LUO Yonggang, LUO Fengying. The interpretation and implementation of Information security technology-Security guide of cloud computing service[M]. Beijing: Science Press, 2015.
[3] Cloud Security Alliance. Cloud Controls Matrix v3.0[EB/OL].(2016-03-18)[2016-05-05]. https://downloads.cloudsecurityalliance.org/initiatives/ccm/CSA_CCM_v3.0.xlsx
[4] BRUNETTE G, MOGULL R. Security guidance for critical areas of focus in cloud computing v3.0[M]. Toronto: Cloud Security Alliance, 2011: 1-177.
[5] KRUTZ R L, VINES R D. Cloud security: a comprehensive guide to secure cloud computing[M]. New York: John Wiley & Sons, 2010.
[6] 王含章. 可信云计算平台模型的研究及其改进[D]. 合肥: 中国科学技术大学, 2011. WANG Hanzhang. Research and improvement on the model of trusted cloud computing platform[D]. Hefei: University of Science and Technology of China, 2011.
[7] DIOGENES Y, GILBERT J, GRONLUND C J. Best practices for software updates on Microsoft Azure IaaS[EB/OL].(2016-03-22)[2016-05-06]. https://azure.microsoft.com/zh-cn/documentation/articles/azure-security-best-practices-software-updates-iaas
[8] 阿里云.阿里云盾补丁管理[EB/OL].[2016-05-06]. https://help.aliyun.com/product/9091838_28360.html?spm=5176.776708449.6.66.8rblHE Alibaba Cloud, Patch Management in Alibaba Cloud[EB/OL].[2016-05-06]. https://help.aliyun.com/product/9091838_28360.html?spm=5176.776708449.6.66.8rblHE
[9] LIU Kai, ZOU Deqing, JIN Hai. Software Update as a Service for the IaaS Cloud[C] // IEEE International Conference on Services Computing. New York: IEEE, 2015: 483-490.
[10] YAMATO Y. Automatic verification technology of software patches for user virtual environments on IaaS cloud[J]. Springer Journal of Cloud Computing, 2015, 10:S165-S167.
[11] YAMATO Y. Automatic verification for plural virtual machines patches[C] // International Conference on Ubiquitous and Future Networks. Sapporo: IEEE Computer Society, 2015: 837-838.
[12] YAMADA H, TONOSAKI S, KONO K. Efficient update activation for virtual machines in Iaas cloud computing environments[J]. IEICE Transactions on Information and Systems, 2014, E97-D(3): 469-479.
[13] UFTP-Encrypted UDP based FTP with multicast[EB/OL].[2016-05-06]. http://uftp-multicast.sourceforge.net/
[14] 陈兴蜀, 胡亮, 陈广瑞, 等.虚拟网络环境下安全服务接入方法[J].华中科技大学学报(自然科学版), 2016,44(3):49-54. CHEN Xingshu, HU Liang, CHEN Guangrui, et al. Security service access method for virtual network[J]. Journal of Hangzhou University of Science and Technology(Natural Science Edition), 2016, 44(3):49-54.
[15] LAURIKAINEN R. Improving the efficiency of deploying virtual machines in a cloud environment[D]. Degree Programme of Computer Science and Engineering, School of Science, Aalto University, 2012.
[1] 王小艳,陈兴蜀,王毅桐,葛龙. 基于OpenStack的云计算网络性能测量与分析[J]. 山东大学学报(理学版), 2018, 53(1): 30-37.
[2] 韩盼盼,秦静. 云计算中可验证的外包数据库加密搜索方案[J]. 山东大学学报(理学版), 2017, 52(9): 41-53.
[3] 黄宇晴,赵波,肖钰,陶威. 一种基于KVM的vTPM虚拟机动态迁移方案[J]. 山东大学学报(理学版), 2017, 52(6): 69-75.
[4] 姚克,朱斌瑞,秦静. 基于生物信息的可验证公钥可搜索加密协议[J]. 山东大学学报(理学版), 2017, 52(11): 11-22.
[5] 岳猛,吴志军,姜军. 云计算中基于可用带宽欧氏距离的LDoS攻击检测方法[J]. 山东大学学报(理学版), 2016, 51(9): 92-100.
[6] 蔡红云, 田俊峰. 云计算中的数据隐私保护研究[J]. 山东大学学报(理学版), 2014, 49(09): 83-89.
[7] 罗海燕, 吕萍, 刘林忠, 杨洵. 云环境下基于模糊粗糙AHP的企业信任综合评估[J]. 山东大学学报(理学版), 2014, 49(08): 111-117.
[8] 刘洋,秦丰林,葛连升. 云计算测量研究综述[J]. J4, 2013, 48(11): 27-35.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
版权所有 © 2018 《山东大学学报(理学版)》编辑部 
地址: 山东省济南市山大南路27号山东大学中心校区(250100) 电话: +86-0531-88366917 E-mail: xblxb@sdu.edu.cn
本系统由北京玛格泰克科技发展有限公司设计开发