Research Of Memory Protection Based On Hardware Virtualization Technology

There are many inadequacies in the traditional system architecture and software design methods to protect the safety of memory. The traditional memory protection mechanisms are generally dependent on the specific hardware and operating systems and can't provide adequate security mechanisms. Not only need to pay expensive hardware costs, but also can't achieve isolation properly.For the deficiency of the traditional memory protection mechanisms (such as low reliability, poor isolation and weak security and so on), Virtualization technology provide a new idea to protect system memory. Compared with the traditional method of memory protection, Virtualization technology can find kernel vulnerabilities that are hard to be found with traditional technology, because these rootkits have the same privilege with traditional protection technology. However, by inserting a virtual machine monitor layer (VMM) layer having a higher authority than ring 0, it can monitor and protect the system, and operating system can't find the existence of VMM. Thereby it can ensure the system's security effectively. This paper describes the memory protection mechanism based on hardware virtualization. Hardware virtualization technology is based on-chip processors, which run directly on hardware, is a system-level virtual machine. It can not only provide security and isolation effectively, but also can control code of ring 0 layer. virtualization technology adopts a method of first come first served,Once the virtual machine is opened, other programs can no longer enter the virtual machine, which defense of the invasion of the virtual machine rootkit.Memory protection techniques in this paper include hidden memory, memory deception, process control, and code injection. Hidden memory is about the VMM has its own set of page tables, it can hide the actual physical address of the operating system. Memory deception is through returning some useless pages to make the operating system believe they have found the actual physical address, in fact the address is not a true physical address. Process control through the VMM intercepting system calls, and then call the realization of simulation system to control the operation of the process. Code injection refers to insert our own control code in the process of loading, as the process is loaded by the VMM, rather than by the operating system, it's difficult to detect the presence of control code.Through experiments, it is can be shown that memory protection mechanisms based on Hardware-based virtualization architecture can effectively detect and prevent the invasion of kernel rootkits and malicious code, greatly improve system security and reliability.