| In recent years, with the rapid development of Internet services and the continuously upgrade of computer hardware, virtualization technology has been widely used. After Intel VT was introduced, there has been a large number of virtualization technologies of great performance, among which Xen is quite representative. Xen has got the advantages such as open source and high efficiency, but security drawbacks. For instance, attackers could obtain sensitive information from the memory occupied by client virtual machines, then penetrate into the management domain VM0 and all the other virtual domains above it. Resource isolation is an indispensable means of security of virtual machine technology, although currently could not satisfy the demand in terms of performance and isolation. VT-d, proposed by Intel, supports virtual machine in the chip-level and demonstrates good security isolation to the traditional operating systems. Based on the in-depth analysis of Xen's fully virtualization technology in linux, we proposed a secure solution of virtual machine isolation, which provides protection by means of secure memory management (SMM) and secure I/O management (SIOM), improves the Xen virtual machine host system and the secure isolation between virtual machine systems, eventually provides high-level protection for the Xen virtual machine in actual application. In this paper, we firstly introduced current virtual machine technologies of mainstream, analysed the architecture and key technologies of Xen virtual machine, then discussed the current primary means of secure isolation of virtual systems, which is followed by the introduction of their performance. After scrutinized Xen's virtualization technology in depth, we proposed a secure solution for virtual machine isolation based on the research of Intel VT-d. Finally, a series of performance tests were examined, and the data proved that our solution improved the security of Xen virtual machine to a large extent. |
PDF Full Text Request