Research and Implementation of IoT Service Runtime Security Method Based on Virtualization


Scientific Journal of Information Engineering October 2014, Volume 4, Issue 5, PP.138-146

Research and Implementation of IoT Service Runtime Security Method Based on Virtualization

Linlin Fan#, Qiang Hua, Yang Zhang

Research Institute of Networking Technology, Beijing University of Posts and Telecommunication, Beijing 100876, China

#Email: fanlinlin320job@163.com

Abstract

The rapid development of the IoT (Internet of Things) brings us convenience, but it also brings great potential safety hazards. In this paper, based on an analysis of traditional IoT system security technology and intrusion detection technology, we identify their shortcomings and, by applying virtualization technology, put forward a completely isolated security system that is more suitable for IoT systems. The system consists of isolated identity authentication, transparent access control, memory analysis and intrusion detection modules, which together build an isolation-type IoT system security framework. It also provides a perfect recovery function so that the IoT system is self-healing according to the strategies that users configure. The system overcomes the tight coupling, the single function and the inability to take the initiative to perform recovery that often occur in traditional security systems. This paper gives a detailed exposition of the design concept and the system implementation. Finally, we verify the availability and effectiveness of the system through experiment.

Keywords: IoT; Intrusion Detection; Virtualization; Security; Isolation

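Research and Implementation of a Security Assurance Method for the IoT Service Runtime Environment Based on Virtualization Technology

Linlin Fan, Qiang Hua, Yang Zhang

Research Institute of Networking Technology, Beijing University of Posts and Telecommunication, Beijing 100876

Abstract: The rapid development of the Internet of Things brings people convenience, but it also brings great security risks. Based on an analysis of the shortcomings of traditional IoT security assurance techniques and intrusion detection techniques, this paper uses virtualization technology to propose a fully isolated security assurance system that is better suited to the IoT service runtime environment. The system integrates isolated identity authentication, transparent permission control, virtualized memory forensics and compromise-resistant intrusion detection, building an isolation-based framework for assuring IoT system security. The system also provides a comprehensive fault recovery function, which ensures that an IoT system under malicious attack can repair itself according to policy. It overcomes the shortcomings of traditional assurance systems: tight coupling, single function and the inability to actively perform recovery. The paper describes the design concept of the security assurance system in detail and implements the system, and finally verifies the usability and effectiveness of the system through experiments.

Keywords: IoT; intrusion detection; virtualization; security assurance; isolation

Introduction

The Internet of Things is an integrated information system of interconnected things with sensing at its core. As the IoT system model shifts from closed to open and the runtime environment grows increasingly complex, its security problems have drawn wide attention. Traditional IoT security assurance techniques mainly include encryption, identity authentication and hardware watchdogs. However, the limitations of these techniques in flexibility, active defense capability and comprehensiveness restrict their application in IoT systems in complex network environments. To address the shortcomings of traditional protection methods, many scholars and research institutions have proposed applying active intrusion detection technology to IoT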

