於雲端環境下透過虛擬機器移置與主動式防禦配置以最大化網路存活度

Chia-Jung Chang; 張家榮

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/52260

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	林永松(Yeong-Sung Lin)
dc.contributor.author	Chia-Jung Chang	en
dc.contributor.author	張家榮	zh_TW
dc.date.accessioned	2021-06-15T16:10:29Z	-
dc.date.available	2020-08-25
dc.date.copyright	2015-08-25
dc.date.issued	2015
dc.date.submitted	2015-08-18
dc.identifier.citation	[1]P. Mell and T. Grance, “The NIST Definition of Cloud Computing”, In NIST Special Publication 800-145, September 2011. [2]N. Waly, R. Tassabehji and M. Kamala, “Improving Organisational Information Security Management: The Impact of Training and Awareness”, In High Performance Computing and Communications & 2012 IEEE 9th International Conference on Embedded Software and systems (HPCC-ICESS), 2012 IEEE 14th International Conference on, pp.1270-1275, 2012. [3]IBM Internet Security System X-Force research and development team, IBM X-Force 2015 First-Quarter Threat Intelligence Quarterly, March 2015. [4]Symantec, Internet Security Threat Report 2015, April 2015. [5]Cisco, the Cisco 2015 Annual Security Report, 2015. [6]Ovum, 2015 Global Payments Insight Survey: Overview, 2015. [7]Trend Micro, Cloud Security Survey Global Executive Summary, August, 2012. [8]R. J. Ellison, D. A. Fisher, R. C. Linger, H. F. Lipson , T. Longstaff and N. R. Mead, “Survivable Network Systems: An Emerging Discipline”, In Technical Report CMU/SEI-97-TR-013, 1997. [9]U. S. Department of Commerce, “National Telecommunications and Information Administration”, In Federal Standard 1037C, 1996. [10]H. F. Lipson, N. C. Mead, and R. C. Linger, “Requirements Definition for Survivable Network Systems”, In Proceeding of the 3rd International Conference on Requirements Engineering, pp.14-23, April 1998. [11]N. R. Mead, “Panel: Issues in Software Engineering for Survivable Systems”, In ACM Proceedings of the 21st International Conference on Software Engineering, pp.592-593, May 1999. [12]P. G. Neumanm, “Practical Architecture for Survivable Systems and Networks”, In Technical Report, Computer Science Laboratory, SRI International, CA, 2000. [13]S. Jha and J. M. Wing, “Survivability Analysis of Networked Systems”, In Proceedings of the 23th International Conference on Software Engineering, pp.872-874, 2001. [14]V. R. Westmark, “A Definition for Information System Survivability”, In System Sciences, Proceeding of the 37th Annual Hawaii International Conference on, 2004. [15]F. A. Al-Zaharani, “Survivability Performance Evaluation of Slotted Multi-fiber Optical Packet Switching Networks With and Without Wavelength Conversion”, In 2nd Information and Communication Technologies (ICTTA’06), Volume2, pp.2242-2247, April 2006. [16]A. K. Krings and Z. Ma, “Survival Analysis Approach to Reliability, Survivability and Prognostics and Health Management (phm)”, In Aerospace Conference IEEE, pp.1-20, March 2008. [17]P. E. Heegaand and K. S. Trivedi, “Network Survivability Modeling”, In Computer networks, Vol. 53(8), pp.1215-1234, 2009. [18]H. Wang, S. Yan, and P. Liu, “A Semi-Markov Survivability Evaluation Model for Intrusion Tolerant Database Systems”, In Availability, Reliability, and Survivability. ARES’ 10 International Conference on, pp.104-111, 2010. [19]F. Xing and W. Wang, “On the Survivability of Wireless Ad Hoc Networks with Nodes Misbehaviors and Failures”, In IEEE Transactions on Dependable and Secure Computing, Vol.7, no. 3, pp. 284-299, 2010. [20]C. Clark, K. Fraster, S. Hand, J. G. Hansen, E.Jul, C. Limpach, I. Pratt, A. Warfield, “Live Migration of Virtual Machines”, In Proceedings of the 2nd Conference on Symposium on Networked Systems Design & Implementation Volume 2, USENIX Association, p.273-286, 2005. [21]A. Verma, U. Sharma, R. Jain and K. Dasgupta, “Compass: Optimizing the Migration Cost vs. Application Performance Tradeoff”, In Network and Service Management, IEEE Transactions on 5.2: 118-131, 2008. [22]T. Wood, P. Shenoy, A Venkataramani and M. Yousif, “Black-box and Gray-box Strategies for Virtual Machine Migration”, In NSDI, Vol. 7, 2007 [23]T. Wood, K. K. Ramakrishnan, P. Shenoy and J. Van der Merwe, “CloudNet: A Platform for Optimized WAN Migration of Virtual Machines”, In Technical Report, HP, 2010. [24]X. Chen, H. Wan, S. Wang and X. Long, “Seamless Virtual Machine Live Migration on Network Security Enhanced Hypervisor”, In Broadband Network & Multimedia Technology, 2009. IC-BNMT’09. 2nd IEEE International Conference, 2009. [25]L. YamunaDevi, P. Aruna and N. Priya, “Security in Virtual Machine Live Migration for KVM”, In Process Automation, Control and Computing (PACC), 2011 International Conference, 2011. [26]G. Fan, H. Yu, L. Chen and D. Liu, “A Game Theoretic Method to Model and Evaluate Attack-Defense Strategy in Cloud Computing”, In Services Computing (SCC), 2013 IEEE International Conference, 2013. [27]K. Ioanna and K. Solratis, “A Game-Based Intrusion Detection Mechanism to Confront Internal Attackers”, In Computer & Security, 29.8: 859-874, 2010. [28]M. M. Eman and S. A. Jatem, “Enhanced Data Security Model for Cloud Computing”, Informatics and Systems (INFOS), In 2012 8th International Conference, 2012. [29]Sh. Ajoudanian and M. R. Ahmadi, “A Novel Data Security Model for Cloud Computing”, In International Journal of Engineering and Technology, 2012. [30]F.K. Hwang, D. S. Richards and P. Winter, “The Steiner tree problem,” In Elsevier, 1992. [31]L. Kou, G. Markowsky and L. Berman, “A fast algorithm for Steiner trees,” In Acta informatica, 15(2), pp.141-145, 1981. [32]G. R. Blakley, “Safeguarding Cryptographic Keys”, In Proceedings of the National Computer Conference 48: 313-317, 1979. [33]Ivan Damgard, “Secret Sharing”, In CPT 2006, Ver.3, Lecture series, 2006. [34]S. Skaperdas, “Contest Success Functions”, In Economic Theory, Vol. 7, pp. 283-290, 1996. [35]S. H. Hwang, “Contest Success Functions: Theory and Evidence”, In Economics Department Working Paper Series, Paper 11, 2009. [36]K. Hausken and G. Levitin, “Protection vs. False Targets in Series Systems”, In Reliability Engineering & System Safety, Vol.94, pp.973-981, 2009. [37]K. Hausken and G. Levitin, “Efficiency of Even Separation of Parallel Elements with Variable Contest Intensity”, In Risk Anal 28 (5): 1477-1486, 2008. [38]D. S. Burdick, T. H. Naylor and W. E. Sasser, “Computer Simulation Experiment with Economic System: the Problem of Experimental Design”, In Journal of the American Statistical Association 62.320: 1315-1337, 1967.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/52260	-
dc.description.abstract	近幾年來，由於資訊科技的發展，不僅帶來許多方便更進一步改變人們的生活方式。雲端運算便是其中之一。因為雲端運算，使用者可以依自己所需使用各式各樣不同且有彈性的服務，此特色省去了使用者在IT設備採購與維護的費用，同時吸引了許多企業選擇將其服務架構建置在雲端基礎建設之上。但是，資訊安全議題是企業是否採用雲端運算所必須考慮的議題之一。為了使企業於雲端環境中能夠不中斷他們提供服務的能力，虛擬機器移置的防禦機制是一種可以有效避免服務中斷的防禦機制。虛擬機器移置機制可以動態地將虛擬機器從一台實體伺服器搬移置另外一台實體伺服器中，避免此虛擬機器被惡意攻擊，進一步提升網路的存活度。而資料對於企業的重要性，由於大數據分析的興起變得越來越重要。如何保護資料免於被惡意攻擊者竊取是企業特別關心的，而秘密分享機制是一種可以有效防止攻擊者竊取資料的機制。此機制藉由將資料切割成N等份，並且需要K份祕密碎片才能夠將資料還原，借此提高攻擊者竊取資料的難度。本篇論文的目的為幫助企業找到一個有效的方法來防止外部的惡意攻擊以避免中斷服務的提供或是資料遭受竊取。除了傳統的防火牆、IDS、IPS...等防禦措施，也會採取上述虛擬機器移置與秘密分享兩種防禦機制來增加網路的存活度。除此之外，我們將會於有限的防禦資源下幫助企業找出最佳的防禦策略與資源配置方式來防禦攻擊者的入侵。在本研究中，由於許多複雜且充滿隨機性的問題，我們試圖採取數學規劃及蒙特卡羅分析法來解決此問題，期望能幫助防禦者透過有效的資源配置以提高網路存活度。	zh_TW
dc.description.abstract	In recent years, the development of information technology not only brings much convenient to us but further changes our life style. The cloud computing is one of the information technology. Owing to the cloud computing, users can subscribe different kinds of flexible and scalable services on demand. This feature makes users spend less expense on establishing and maintaining IT infrastructure which attracts many enterprises to build their IT environment through the cloud platform. However, the information security issue is one of the must considered issue to enterprises who are going to adopt the cloud computing. In order to make the enterprise in the cloud environment not interrupt their abilities to provide services, VM Migration mechanism is a useful defense mechanism for avoiding service being disrupted. VM Migration mechanism enables VM dynamically move from one physical server to another and the mechanism can prevent VM from the malicious attack and further increase the network survivability. Besides, the importance of data for company has become more and more significant due to the rise of “Big Data Analysis”. It is special concerned by companies on how to prevent data being compromised by malicious attackers. Secret sharing mechanism is an effective mechanism to prevent data being stolen from attackers, it will cut data into N pieces and need K pieces to reconstruct the data for increasing the difficulty to steal data. Our goal is to help enterprises find out an effective way to prevent external malicious attacks to avoid service disruption or data stolen. In addition to traditional defense strategies such as firewall, IDS, IPS, we will take VM Migration mechanism and secret sharing mechanism introduced before to increase the network survivability. Beside, we will aid enterprises to seek the optimal way of allocating defense resource under limit budget to fight against the invasion of attackers. In our work, since many complex and full of randomness problem, we tried to take Mathematical Programming and Monte Carlo Simulation methods to solve this problem, and we look forward to helping defenders to improve the network survivability through effective allocation of resource.	en
dc.description.provenance	Made available in DSpace on 2021-06-15T16:10:29Z (GMT). No. of bitstreams: 1 ntu-104-R02725045-1.pdf: 2404773 bytes, checksum: a8a1f40bf0dec06aca8b73b101338f48 (MD5) Previous issue date: 2015	en
dc.description.tableofcontents	Chapter 1 Introduction 1 1.1 Background 1 1.2 Motivation 6 1.3 Literature Survey 9 1.3.1 Survivability 9 1.3.2 VM Migration 11 1.3.3 Cyber Warfare 14 1.4 Thesis Organization 16 Chapter 2 Problem Formulation 17 2.1 Problem Description 17 2.1.1 Migration Mechanism 17 2.1.2 Attacker Perspective 18 2.1.3 Attacker Optimization 21 2.1.4 Defender Perspective 27 2.2 Attack-defense Scenario 35 2.2.1 Contest Success Function 35 2.2.2 Attack-defense Scenario 37 2.3 Mathematical Formulation 45 Chapter 3 Solution Approach 51 3.1 Mathematical Programming 51 3.2 Monte Carlo Simulation 52 3.3 Problem Solving Process 54 3.4 Policy Enhancement 57 3.4.1 Defender Enhancement 57 Chapter 4 Computational Experiment 63 4.1 Experiment Environment 63 4.2 Simulation Result 65 4.2.1 Convergence Evaluation Times 65 4.2.2 Topology Robustness 66 4.2.3 Attacker Strategy Analysis 67 4.2.4 Defender Strategy Analysis 68 4.3 Enhancement Result 70 4.3.1 Enhancement in Proactive and Reactive Defense Resource 70 4.3.2 Risk level threshold Enhancement 72 Chapter 5 Conclusion and Future Work 74 5.1 Conclusion 74 5.2 Future Work 76 Reference 77
dc.language.iso	en
dc.title	於雲端環境下透過虛擬機器移置與主動式防禦配置以最大化網路存活度	zh_TW
dc.title	Through Virtual Machine Migration and Proactive Defense Resource Allocation to Maximize Network Survivability in a Cloud Environment	en
dc.type	Thesis
dc.date.schoolyear	103-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	孔令傑(Ling-Chieh Kung),莊東穎(Tong-Ying Juang),呂俊賢(Chun-Hsien Lu),鍾順平(Shun-Ping Chung)
dc.subject.keyword	雲端運算,虛擬機器移置,祕密分享,網路存活度,最佳化,資源分配,數學規劃法,蒙地卡羅法,	zh_TW
dc.subject.keyword	Cloud Computing,VM Migration,Secret Sharing,Network Survivability,Optimization,Resource Allocation,Mathematical Programming,Monte Carlo Simulation,	en
dc.relation.page	82
dc.rights.note	有償授權
dc.date.accepted	2015-08-18
dc.contributor.author-college	管理學院	zh_TW
dc.contributor.author-dept	資訊管理學研究所	zh_TW
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
ntu-104-1.pdf 目前未授權公開取用	2.35 MB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。