| With the development of information technology, attacks means to computer systems arechanging, and attacks strength are growing. The security mechanisms provided by the operatingsystem is difficult to meet the increasingly complex security requirements. The rising of systemvirtualization technology has the ability of transforming one physical machine into multiplevirtual machine, and provides more thorough isolation between virtual machine. It has higheranti-attack capability, provides a new idea to solve security problems. Using virtualizationtechnology to enhance the security of the system is one of the popular, one of its core isresources protection based virtualization.Traditional resource protection methods tools are located within the system, although canget the full state information, face the risk of being attacked or bypassed because it with theattack program are located in the same system, have the same privileges. To solve this problem,this paper built a resource protection mechanism that is located outside the operating system butin the virtualization platform. This way is more difficult to bypass than traditional protectionmechanisms, so is more resistant to attack. The major works of this paper as follows:(1) analyzes the requirement of resource protection in Cooperative-VMM, designs theoverall framework for resource protection.(2) proposes a external storage resources protection strategy based on block device,achieves storage resources protection at outside of the virtual machine.(3) proposes an network access control mechanism that combines the outside of VM and theinside of VM. This way not only facilitates access to internal information, but also has highconcealment and is hard to pass as the monitor is utside of the virtual machine.The test shows that the external storage device protection based block device can achievethe predetermined protective effect, the performance loss is only1.8-3.1%; network accesscontrol that combines the outside of VM and the inside of VM can achieve intercept and controlof network access, bandwidth performance decreased by only3%. |
PDF Full Text Request