| With advances in hardware technology, virtualization has developed broadly at the component, system, and application levels. After 2005, Intel and AMD each released their own hardware virtualization technology, improving CPU and memory capability and bringing virtualization to various proprietary operating systems, which accelerated the development of virtualization technology. Along with the convenience it brings, rapidly developing virtualization technology also has security problems. At present, the Xen virtual machine implements some preliminary security mechanisms, including Xen ACM (Access Control Model) and vTPM (Virtual Trusted Platform Model). But these security mechanisms cannot resolve all virtualization security problems. Some aspects, such as virtual machine network communication between Domains, shared memory, and event channels, have no security mechanism controlling them. This paper analyzes the principles of VMX (Virtual Machine eXtensions) virtual machines, with emphasis on VMX virtual machine communication technology, and proposes security control for VMX virtual machine communication. It focuses on the VMX virtual machine secure communication mechanism, which improves the security of communication between Domains. The main work and contributions are as follows. First, this paper analyzes the technologies related to virtualization and network security mechanisms, including Intel VT-x technology, the Xend daemon process, event channels, memory management, and the Virtual Network Controller. Second, we propose a framework for the VMX virtual machine secure communication mechanism. 
The mechanism divides client Domains into internet Domains and isonet Domains, and inserts identity authentication and security checks into the key path of communication between Domains. Finally, we study and validate the VMX virtual machine secure communication mechanism. The mechanism contains three modules: the virtualization security server, the identity authentication module, and the security check module. The virtualization security server carries the core functions for security control, including Domain management, security policy management, and security determinant, and is the core module of the secure communication system. The identity authentication module validates a Domain's identity before communication and is the basis of secure communication. The security check module inserts security hook functions into the key path of communication between Domains, thereby implementing security control of that communication. |