| With the rapid development of cloud computing, Virtualization technologies have become very popular in the field of research. In embedded field, how to use the resources effectively is a key problem, virtualization can effectively differentiate the hardware resources of system and provide resources for the application, but the resource is constrained in an embedded environment, it is not very realistic to deploy the server virtualization. So the efficiency and lightweight of virtualization solution is the research emphasis of the embedded virtualization. With the massive popularity of the embedded terminal at the same time, the security and privacy has become a research issue to consider. Virtualization can deploy different operating systems on the same platform, it can run different application in different operating systems.it provides the necessary guarantee for the system safety through isolation between applications.In this paper, through investigation and comparison of existing virtualization solution at the same time, i put forward a lightweight operating system-level virtualization solution and transplant the scheme to the embedded platform.Through the way of sharing the kernel, i realized to run multiple operating systems on the platform, the following work has been completed in this paper:(1)Compare the current several virtualization solutions through researching and analyzing their implementation method.finally,i chose Linux container virtualization in the comprehensive consideration.(2)Study the principle of Linux containers (LXC) virtualization solution Through the analysis of the Linux kernel source.Expound the working mechanism of the LXC and creation process of the virtual machine from the perspective of resource control and isolation. Inorder to achieve the security virtualization scheme, i put forward and analysis two kinds of container security enhancement scheme, aiming to improve the virtualization solutions from two aspects,system calls and access control.(3)Optimize the environment of embedded system, through cutting and optimizing the the kernel provided by the subject platform with the experimental analysis. On the optimized system, i have finished the transplantation of the LXC by modifying the source code of the kernel and LXC. It has been implemented to run multiple operating systems on the same platform. In the aspect of security enhancements in virtualization,limit the process in the container executing unsafe system call. The process outside the container can not modify the container file system.(4)Test experiment was carried out from three aspects of system. Through the analysis of experimental results,it has a good performance to verify the security LXC virtualization solutions on performance, flexibility and security. |
PDF Full Text Request