博碩士論文 994203053 完整後設資料紀錄

DC 欄位 語言
DC.contributor資訊管理學系zh_TW
DC.creator莊承恩zh_TW
DC.creatorCheng-en Chuangen_US
dc.date.accessioned2012-8-16T07:39:07Z
dc.date.available2012-8-16T07:39:07Z
dc.date.issued2012
dc.identifier.urihttp://ir.lib.ncu.edu.tw:444/thesis/view_etd.asp?URN=994203053
dc.contributor.department資訊管理學系zh_TW
DC.description國立中央大學zh_TW
DC.descriptionNational Central Universityen_US
dc.description.abstract現行各種雲端運算之彈性仰賴於虛擬化技術的支持,然而虛擬化之安全建構於其技術所能提供之隔離性,若雲端平台上使用者打破虛擬化隔離性,則雲端平台所有共用使用者將一併受害。本論文以Xen Hypervisor所提供之半虛擬化技術為對象,探討使用虛擬化技術時隔離議題之重要性,歸納出虛擬化技術中實作顯示暫存區常發生之共同漏洞,並以半虛擬化顯示暫存區漏洞的實際漏洞CVE-2008-1943,展示虛擬機器脫逸(Virtual Machine Escape)實驗,取得Xen中的Domain 0之Root Shell,來證明虛擬化的隔離非牢不可破。最後在其他Domain U不知情的情況下,以竄改該Domain U的開機磁區,使其開機程序受到綁架,由此說明隔離性失效之後帶來的影響及損失。研究貢獻在於歸納出虛擬化技術中實作顯示暫存之共同漏洞,並以實際半虛擬化顯示暫存區進行虛擬機器脫逸實驗,以實驗結果證明虛擬化隔離性失效。此外更提供開機磁區竄改實驗作為後續攻擊之案例,以說明隔離性失效後可能帶來之損失,作為未來雲端安全核心研究之基礎。 zh_TW
dc.description.abstractThe on-demand feature of cloud computing is rely on supporting of virtualization technology, it is worth to know that security in virtualization is built upon the isolation. Thus, once the user of the cloud platform break the isolation, then all the users in the cloud platform will become victims. In this thesis, I focus on paravirtualization which is provided by Xen hypervisor to discuss about the importance of isolation in virtualization technology. It conclude that there are common vulnerability in many implementation of video-related device in virtualization technology. Moreover, with a practical exploitation about CVE-2008-1943, this thesis show that user can escape from an unpriviedge domain to the privilege domain’’s root shell (Virtual Machine Escape). Finally, this thesis show that attacker can easily hijack other user’’s virtual machine by modifying the virtual machine’’s master boot record. The major contributions are conclude the common vulnerability which is the implementation of video device in virtualization technology, and provide an hand-on VM escape experiment to prove the fail of isolation in virtualization. Moreover, this thesis provide an attack model, Master Boot Record Hijacking, to explain the impact after the fail of isolation. en_US
DC.subject雲端平台zh_TW
DC.subject虛擬化隔離zh_TW
DC.subject半虛擬化漏洞zh_TW
DC.subject虛擬機器脫逸zh_TW
DC.subjectXen Hypervisorzh_TW
DC.subjectCloud Computingen_US
DC.subjectIsolation of Virtualizationen_US
DC.subjectParavirtualization Vulnerabilityen_US
DC.subjectVirtual Machine Escapeen_US
DC.subjectXen Hypervisoren_US
DC.title半虛擬化漏洞造成雲端平台隔離性失效之研究zh_TW
dc.language.isozh-TWzh-TW
DC.titleOn the Fail of Isolation in Cloud Computing Platform with Paravirtualization Vulnerabilityen_US
DC.type博碩士論文zh_TW
DC.typethesisen_US
DC.publisherNational Central Universityen_US

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明