| With the use of virtualization, threats appear gradually in domains constituted byhost and virtual machines (VMs). Access control between VMs becomes a necessarymethod of the security management of virtualized platform. But the traditionalMandatory Access Control (MAC) based on fixed security policy, which is mostcommon on virtualized platform, is greatly restricted on flexibility and granularity ofcontrol. The work of this thesis includes:First, provide an overview of the development and the research actuality of accesscontrol mechanism, and simple introductions of several important access controlmodels. Moreover, provide an overview of virtualization technology, and use Xen asan example, introduce the current implemented access control mechanism onvirtualized platform. Furthermore, reviews the development of trust evaluation in thefield of computer security, and make explanations of several representative trustevaluation/management models.Second, proposed two trust evaluation methods respectively using quantitativeand qualitative indicator. The significance of trust evaluation process is to do statefulinspection of subject by analyzing the historical actions of itself, and it is a dynamic,real-time process. As important evidence, there is great analytical value of thehistorical action records of subject, and compared with methods based on probabilitytheory, the evidence-based trust evaluation method is more convictive.Finally, combine these two methods above with the original access controlmechanism of Xen as a complement, to solve the inflexible and coarse-grain problemof the original access control module. |