The Embedded Linux System Based On Xen Isolation Security Enhancement Technique

As embedded systems are increasingly common on the Internet, the security problem has increasingly become the focus of attention. Introduction of virtualization to solve the security problem has also become the hot issues of the embedded field research. As embedded hardware performance continues to improve, combination of virtualization technology and embedded is possible. Foreign companies and universities are also actively investing a lot of human and financial resources to embedded virtualization technology research. Embedded virtualization technology will bring huge changes to the embedded field, and worthy of attention.In this dissertation, a thorough and complete review on the related theories and technical foundations of virtualization technology is made, virtualization security solutions used in embedded systems is established, and the soft isolation security model based the Xen is designed and implemented. The contribution of the thesis is listed as follows.(1) A detailed summary is made on the current threats to embedded systems and Linux kernel, and introducing virtualization technology with the classification levels and technical point of view. Finally elaborated the advantages of embedded virtualization technology in the settlement of the above security issues.(2) A detailed summary is made on the Xen architecture and implementation methods, elaborating the idea of the Xen on ARM application, and then proposing and designing the virtualization security model based on the Xen.(3) In contrast to the the Xen traditional practice model, this article propose a isolation security model based on Xen, and also explain the isolation of each component modules. Finally, this article archive the the isolation security model.(4) Against buffer overflow vulnerability, implementing the attack experimental comparison of the Xen traditional model and soft isolation model. Explainning outstanding advantages of the soft isolation model in the protection system security from the side.At last, a conclusion is drawn on the shortcomings of the dissertation, and the future research contents on this topic are prospected.