| Nowadays, with the virtualization technology developing rapidly, it's now gaining more and more attention from the industry. Using the virtualization technology to construct multi-domain secure operating environment is a very important application aspect in computer system security field. Under the circumstances, the multi-domain isolation between domains makes great significance. But, due to the demand of data shared between domains and swift guest system, the multi-domain system faces the potential risk that domains may be see-through to each other. The new data sharing isolating and system switch technology designed by this paper provide a better grained and high security data sharing method and fast switch system method. Our works in this paper are showed as follows.1. We analyzed and researched the multi-domain isolation technology that have been implemented. On finding the defect of the data sharing isolating technology and analyzing the traditional system switch manner, we introduced a new method of data sharing isolating and system switch technology.2. We analyzed the architecture of open-source virtual machine Xen, especially researched some important Xen mechanism related to our subject, such as virtual block device initializing and object operating, disk I/O request process and guest system window display, etc. We also study the Windows driver develop method named WDK.3. Then we came up with the basic design plan and improved strategy. The data sharing isolating method is to use shared disk to share and hide the shared disk in order to make the data transmission way invisible to users. And the system switch method is to use system switch window to rapidly locate and switch to other guest systems.4. We came up with the detailed design plan and some implementation of data sharing and isolation, including the contents as follows. a) The communication channel and communication way between Windows front-end and Xen back-end. b) The design of back-end data sharing managing application. c) The implementation of the function of disk control module that disk access authority modified and disk activating unloading. d) The implementation of disk hiding in front-end and data sharing application.5. And then we brought up the detailed design plan and some implementation of systems switch, including the following contents. a) The response set of keyboard and mouse event in SDL window. b) The design of system chosen interface, making the guest system users can browse all the running system and make decisions. c) The implementation of the guest system switch function .d) Setting the codes same as the root account to guarantee security. |
PDF Full Text Request