
The Research On Virtual Machine Based-on Xen

Posted on: 2011-07-05
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J T Meng
GTID: 1118330332477466
Subject: Computer system architecture

Abstract/Summary:
Xen is a virtual machine monitor for x86 that supports execution of multiple guest operating systems with high performance and strong resource isolation. Xen is open source software released under the terms of the GNU General Public License. With the development of modern computers and the popularity of the Intel x86 architecture, more research is focused on Xen.

In this thesis, previous research is surveyed and analyzed comprehensively. For virtual machines based on Xen, we present deep and elaborate research on a few topics: secure operating systems, system reliability, performance, and deployment for a specific application. The main results are as follows:

1. A novel model for enhancing the security of an operating system is proposed. In the model, Xen is used to protect the runtime security kernel. The virtual machine monitor runs in the most-privileged ring, while the security kernel and user processes run in the more-privileged and least-privileged rings, respectively. When the security kernel attempts to write to certain critical system resources, the write permission must be verified and approved by Xen. The model can therefore prevent malicious code from modifying and then bypassing the runtime security kernel.

2. A formal method is proposed to optimize the reliability of the block device IO architecture in Xen. Theories such as CSP and software architecture are used to formalize the architecture. Design rules are proposed to constrain concurrent interactions among the components of the block device architecture, so that deadlocks are prevented in theory and reliability is improved. Guided by the design rules, the related programs are overhauled. Preliminary experiments indicate that the overhead introduced by the revision is small, while the reliability of the system is enhanced, so the overhaul is worthwhile.

3. A novel prototype for logging system calls is designed. In the design, the guest operating system runs on top of Xen in non-privileged mode. Redirecting and monitoring modules are added to Xen. When a guest application makes a system call, the call is trapped and redirected from the least privileged level into the virtual machine monitor running at the most privileged level. After logging is finished, control returns to the guest operating system, running at the more privileged level, and the system call starts. Compared to traditional methods for logging system calls, the novel method makes it more difficult to destroy or tamper with the logs.

4. An intrusion detection system based on Xen is designed. SNARE is a well-known intrusion detection system for Linux. However, it is also vulnerable. A novel approach is designed to protect SNARE from being tampered with. SNARE is ported to two virtual machines running over Xen. The SNARE kernel patch and the audit daemon, the two principal components of SNARE, are separated into two virtual machines strongly isolated by Xen. Xen provides a mechanism for sharing memory between virtual machines. Using this mechanism, the SNARE kernel patch running on one virtual machine records the audit logs and transfers them to the audit daemon running on the other virtual machine. Compared to traditional SNARE, the novel method makes it more difficult to destroy or tamper with the audit logs.

5. For a class of popular IP network applications, a prototype of an optimized computer network for virtual machines is proposed. A few virtual machines run on top of Xen, which creates and manages them. A new virtual network card is the core of the prototype. All virtual machines are interconnected by this device into a network designed for communication between the virtual machines. Compared to the default model of Xen, the prototype improved communication performance and reduced the response time for requests by 42%, which is supported by preliminary experiments and evaluations.

6. For a specific application scenario (the collaborative business service of one manufacturing industrial chain), a 3-tier architecture for deploying the service based on Xen is presented to group the enterprises of the chain into one virtual enterprise. For the member enterprises of a virtual enterprise, the virtual enterprise supports sharing a database and running the collaborative business service easily, flexibly and securely. Because Xen is used to deploy the application servers, the total cost of ownership is reduced sharply and the application servers are easier to deploy.
Keywords/Search Tags: virtual machine monitor, virtual machine, Xen, secure operating system, CSP process algebra, system call, intrusion detection system, performance, virtual apparatus