| 引用本文: | 杜皎,李国辉,冯登国.用错误围堵策略建立可生存的网络安全设备内核.[J].国防科技大学学报,2005,27(6):30-34.[点击复制] |
| DU Jiao,LI Guohui,FENG Dengguo.Utilizing Fault Containment to Construct a Survivable Network Security Device Kernel[J].Journal of National University of Defense Technology,2005,27(6):30-34[点击复制] |
|
| |
|
|
| 本文已被:浏览 6448次 下载 5867次 |
| 用错误围堵策略建立可生存的网络安全设备内核 |
|
|
(1.国防科技大学 信息系统与管理学院,湖南 长沙 410073;2.中国科学院研究生院 信息安全国家重点实验室,北京 100049)
|
| 摘要: |
| 提出在IBM虚拟机器的架构上,使用错误围堵策略建立可生存的网络安全设备内核的思想。建立有效的资源管理器,分割、调度机器资源,把物理资源提供给虚拟机器,平衡错误围堵与其它的性能要求。利用软件和硬件错误围堵技术制约对系统攻击引起的错误,防止一个错误引起整个系统的崩溃。用以上策略建立了内核模型,给它加上大负荷,正常和异常的工作。实验结果显示:即使在系统中某些部分出错的情况下,依然不影响系统的整体性能,并且错误围堵的开销几乎可以忽略不计。 |
| 关键词: 可生存技术 错误围堵 虚拟机器 网络安全设备 内核 |
| DOI: |
| 投稿日期:2005-04-10 |
| 基金项目:国家863高技术资助项目(2003AA144050) |
|
| Utilizing Fault Containment to Construct a Survivable Network Security Device Kernel |
| DU Jiao1,2, LI Guohui1, FENG Dengguo3 |
|
(1.College of Information System and Management, National Univ. of Defense Technology, Changsha 410073,China;2. 2.State Key Laboratory of Information Security, Graduate School of Chinese Academy of Sciences, Beijing 100039,China;3.2.State Key Laboratory of Information Security, Graduate School of Chinese Academy of Sciences, Beijing 100039,China)
|
| Abstract: |
| Fault containment is proposed to construct a survivable kernel of the network security device based on the IBM virtual machine. This is accomplished by setting up an efficient resource manager to supply physical resources to the virtual machine and to balance other performance requirements. Software and hardware fault containment technology is used to protect against system attacks, and avoid a system breakdown from a single fault. Model and tests prove this idea and the overheads are almost negligible. |
| Keywords: survivability techniques fault containment virtual machine network security device kernel |
|
|
