Title: | On Design of Reliability Mechanisms for Secure Network Testbeds Supporting Virtualization and Internet of Things |
Authors: | Chen, Borting (陈柏廷); Huang, Yu-Lun (黄育纶); Institute of Electrical and Control Engineering |
Keywords: | Network Testbed; Virtualization; Internet of Things; Reliability; Performance Management; Access Control |
Publication date: | 2017 |
Abstract: | A secure network testbed provides users with an experimental environment for network security analysis and performance measurement. Modern testbeds leverage virtualization technology to improve scalability, or adopt constrained devices to support Internet of Things (IoT) research. These new functionalities come at a cost: VM DoS attacks and gratuitous detour attacks might threaten the security of the testbeds. To solve this problem, this dissertation argues that reliability should be adopted as one of the security requirements for a testbed, and presents three reliability mechanisms, Performance-based Resource Estimator (PRE), Fair Memory Scheduler (FMS), and Capability-based Access Control Plus (CBAC+), as countermeasures. PRE and FMS provide performance isolation among VMs and ensure the reliability of performance measurement. PRE estimates the CPU resources needed to run a VM on a virtualization platform, and ensures that VMs of the same type have a performance difference of less than 1% when running on different platforms. Based on the estimation results, a testbed can set the maximum CPU resource allocated to VMs to protect VMs from DoS attacks. FMS adjusts memory allocation among VMs dynamically to prevent VMs from starving. When memory overcommitment occurs, FMS can reduce the increase in execution time of a memory benchmark by 68.3%. This protects VMs from DoS attacks caused by improper memory allocation. To bring a reliable access control mechanism to constrained devices, this dissertation proposes CBAC+. CBAC+ eliminates the message exchange between a device and the authentication center and shortens CoAP request messages by 48%. Such a design provides a better delivery rate for CoAP request messages and mitigates the effect of gratuitous detour attacks when applying CBAC+ for constrained devices. This dissertation also presents a hybrid testbed supporting virtualization and IoT to show how the proposed mechanisms can be used to secure the testbed against VM DoS attacks and gratuitous detour attacks. |
URI: | http://etd.lib.nctu.edu.tw/cdrfb3/record/nctu/#GT079812822 http://hdl.handle.net/11536/141358 |
Appears in collections: | Thesis |