Font Size: a A A

Research Of Virtual Isolation Mechanism For Application Specific

Posted on:2014-12-20Degree:MasterType:Thesis
Country:ChinaCandidate:L J JiangFull Text:PDF
GTID:2268330392973400Subject:Computer Science and Technology
Abstract/Summary:
Computer applications are more and more complex now. They will more or lesshave some bugs, such as buffer overflow. Hackers, viruses, and Trojan horses can takeadvantage of these security vulnerabilities into a computer system and get theirpermission and access to sensitive information or control other processes, but alsothreaten the integrity and confidentiality of the system. Application system securityissues are not just from the software itself, but also from malicious software such asviruses, worms, Trojans. It is inevitable that it has malicious programs in the system,because of the widespread using of network and increasingly complex applicationenvironments. Although the intrusion detection system (IDS), firewalls, antivirussoftware and other information security have become an integral part of securityproducts, but security vulnerabilities and malicious code threats remain inevitable.Since the security vulnerabilities and malicious programs is inevitable, this paperpropose a virtual isolation mechanism for application specific in the securityvulnerability is exploited, the malicious program has been running, to ensure systemintegrity.The purpose of the trust measurement technology of trusted computing is todetermine whether the software is trusted and to take the appropriate measures toensure the safe operation of the software.Isolation technology is an important technology for the safe development ofmodern computer system. It is used for isolation security threats, especially forsecurity threats caused by application software bugs.This paper intends to use virtualization technology to achieve the file resourcevirtualization based on the Linux kernel’s LSM framework.The system is divided bytrusted domains and untrusted domains in accordance with the results of theapplication measurement. It allows untrusted procedures and unknown program to rununder the premise of guarantee the safety of the system environment. And can supporttrust measurement based on TCM, to further accomplish the trusted connection basedon trusted domain. The subject intends to realize virtual isolation domain based onLinux system kernel layer’s access control mechanism and file system operationsredirection. The operating behavior of the untrusted domain’s application process tomodify system resources will be redirected to the virtual resources in order to achieve the isolation protection of system resources.
Keywords/Search Tags:trust measurement, isolation, virtualization, LSM framework
Related items