| 虚拟机监视器的安全性分析 |
| |
| 引用本文: | 金伟,李明禄,翁楚良. 虚拟机监视器的安全性分析[J]. 计算机工程, 2011, 37(15): 116-118,121. DOI: 10.3969/j.issn.1000-3428.2011.15.036 |
| |
| 作者姓名: | 金伟 李明禄 翁楚良 |
| |
| 作者单位: | 上海交通大学计算机科学与工程系,上海,200240 |
| |
| 基金项目: | 国家"973"计划基金,国家自然科学基金 |
| |
| 摘 要: | 分析虚拟机监视器的安全性能,结合开源虚拟化软件Xen分析其潜在威胁和漏洞,如超级调用、I/O直接内存传输等。设计并实现一种通过修改Xen VCPU状态信息来破坏虚拟机稳定性的方法,同时给出具体的防范措施,如可以对关键数据结构计算其校验值,及时发现是否被入侵,也可以直接禁止模块的加载,避免一切可能由模块带来的安全性问题。
|
| 关 键 词: | 虚拟机监视器 安全性 超级调用 直接内存传输 虚拟CPU |
| 收稿时间: | 2011-03-16 |
Security Analysis of Virtual Machine Monitor |
| |
| JIN Wei,LI Ming-lu,WENG Chu-liang. Security Analysis of Virtual Machine Monitor[J]. Computer Engineering, 2011, 37(15): 116-118,121. DOI: 10.3969/j.issn.1000-3428.2011.15.036 |
| |
| Authors: | JIN Wei LI Ming-lu WENG Chu-liang |
| |
| Affiliation: | (Department of Computer Science and Engineering,Shanghai Jiaotong University,Shanghai 200240,China) |
| |
| Abstract: | This paper aims to explore the security of the Virtual Machine Monitor(VMM), combined with open source virtualization software Xen to analyze the potential threats and vulnerabilities, such as tampering with hypercalls, malicious direct memory access. It designs and implements a way to undermine the stability of virtual machine by modifying VCPU state and meanwhile give countermeasures, such as verifying critical data structures to discover whether it is invaded, or forbidding the loading of module to eliminate all possible security risks posed by the module. |
| |
| Keywords: | Virtual Machine Monitor(VMM) security hypercall direct memory transmission Virtual CPU(VCPU) |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
