信息网络安全 ›› 2023, Vol. 23 ›› Issue (3): 45-55.doi: 10.3969/j.issn.1671-1122.2023.03.005

• 技术研究 • 上一篇    下一篇

面向拟态云的异构执行体安全调度算法

王瑞民1, 省永续1, 宋伟2, 张建辉3,4()   

  1. 1.郑州大学计算机与人工智能学院,郑州 450001
    2.郑州大学河南省大数据研究院,郑州 450052
    3.郑州大学网络空间安全学院,郑州 450002
    4.嵩山实验室,郑州 450001
  • 收稿日期:2022-11-27 出版日期:2023-03-10 发布日期:2023-03-14
  • 通讯作者: 张建辉 E-mail:ndsczjh@163.com
  • 作者简介:王瑞民(1974—),男,河南,副教授,博士,主要研究方向为密码学、信息安全和物联网安全|省永续(1999—),男,河南,硕士研究生,主要研究方向为拟态安全|宋伟(1972—),男,河南,副教授,博士,主要研究方向为数据挖掘与机器学习、智能系统、大数据安全|张建辉(1977—),男,河南,副研究员,博士,主要研究方向为网络与信息安全、网络体系架构和人工智能
  • 基金资助:
    国家自然科学基金(61872382);国家电网有限公司总部科技项目(5700-202024176A-0-0-00)

Secure Scheduling Algorithm for Heterogeneous Executors for Mimic Clouds

WANG Ruimin1, XING Yongxu1, SONG Wei2, ZHANG Jianhui3,4()   

  1. 1. School of Computer and Artificial Intelligence, Zhengzhou University, Zhengzhou 450001, China
    2. Henan Academy of Big Data of Zhengzhou University, Zhengzhou 450052, China
    3. School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou 450002, China
    4. Songshan Laboratory, Zhengzhou 450001, China
  • Received:2022-11-27 Online:2023-03-10 Published:2023-03-14
  • Contact: ZHANG Jianhui E-mail:ndsczjh@163.com

摘要:

随着云服务的应用范围越来越广,基于未知漏洞或后门的攻击成为制约云技术发展的主要安全威胁之一。基于拟态防御建立的拟态云服务通过降低漏洞的持续性暴露概率来保障安全性,当前已有研究提出的拟态调度算法缺乏对执行体自身安全性的考虑,并且无法兼顾动态性和异构性。针对此问题文章通过引入执行池的异构度和安全度定义,提出一种基于异构度和安全度的优先级调度算法,并引入结合时间片的动态调度策略。实验结果表明,文章所提算法具有较好的动态性,能够获得较优的调度效果,实现了动态性、异构性和安全性之间的平衡,并且时间复杂度较低。

关键词: 拟态防御, 拟态云, 异构度, 安全度, 优先级调度

Abstract:

As cloud services become more widely used, attacks based on unknown vulnerabilities or backdoors become their most significant security threat. Mimic cloud services based on mimic defense are established to secure them by reducing the probability of continuous exposure to vulnerabilities. However, the mimic scheduling algorithm proposed by current research lacks the consideration of executors’ own security and cannot take into account dynamicity and heterogeneity. This paper proposed a priority scheduling algorithm based on heterogeneity and security degree by introducing the definition of heterogeneity and security degree of execution pool, and introduced a dynamic scheduling strategy combining time slices to solve the above problems. The experimental results show that the proposed algorithm has better dynamicity and can obtain better scheduling effect, achieving the balance between dynamicity, heterogeneity and security, and also has the advantages of low time complexity.

Key words: mimic defense, mimic cloud, heterogeneity, security, priority scheduling

中图分类号: