An Information Flow Security Control Method Based On Virtualization Technology

Posted on: 2015-01-12
Degree: Master
Type: Thesis
Country: China
Candidate: H F Zhang
GTID: 2268330425488891
Subject: Information security

Abstract/Summary:
With the rapid development of computer technology, almost all modern companies rely on computers to exchange information and share resources, for example through information management systems and office automation systems. However, information on these computers has different security levels, which leads to problems of information disclosure and information cross-contamination. Traditional information flow control methods are unsatisfactory, for three main reasons. First, many information flow control methods require changes to existing applications and programs, and the changes differ for each hardware environment. This reduces the flexibility of the system and hinders migration and data backup. Second, some control methods only allow information to flow between identical systems and forbid flows between different systems. This limits communication between different systems, prevents information sharing, and wastes resources. Third, some control methods are implemented with traditional physical hardware rather than virtualization technology, so their cost is high.

In this paper, we propose an information flow control method that improves on traditional methods according to the security requirements of the Railway Information System, and we verify the system's security using noninterference technology. The method does not need to modify existing applications and programs, saves cost, and improves the security of information sharing. The main work of the paper is as follows:

(1) Propose a method for information flow security control and implement a system based on the method.
(2) Use the migration and data backup technology of virtualization to improve the system's ability to recover and to enhance reliability. By placing virtual machine images on a server, we can produce master images for different types of applications and deploy virtual machines rapidly. Upgrading and installing software no longer requires large amounts of manpower and material resources. Centralized management and control of images overcomes compatibility problems and doubles the maintenance efficiency of the system.
(3) Realize information flow control not only on the PC but also on the mobile terminal.
(4) Set up an information flow control agent that provides an information downgrade function based on the BLP model. By studying the communication between virtual machines on the XEN platform, and using the 802.1Q protocol and a security tag to ensure that information can flow in the reverse direction in particular cases, we improve the usability of the system.
(5) Study noninterference technology and use it to formally prove and verify the security of the system.
Keywords/Search Tags: Noninterference, Virtualization technology, Information flow control
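The label check described in item (4), sketched as an added example that is not code from the thesis: it reads the 802.1Q tag of an Ethernet frame as the security tag, applies the BLP flow rule, and routes a permitted reverse flow to the downgrade agent. The VLAN-to-level table, the downgrade allowlist and all function names are assumptions made for illustration; the abstract does not state the thesis's actual policy.

```python
import struct
from typing import Optional

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Assumed (constructed) mapping: VLAN ID -> security level, higher = more sensitive.
LEVELS = {10: 0, 20: 1, 30: 2}
# Assumed downgrade policy: (source VID, destination VID) pairs the agent may release.
DOWNGRADE_ALLOWED = {(30, 20)}


def parse_vlan_id(frame: bytes) -> Optional[int]:
    """Return the 12-bit VLAN ID of an 802.1Q-tagged frame, or None."""
    if len(frame) < 18:  # dst MAC 6 + src MAC 6 + tag 4 + EtherType 2
        return None
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        return None  # untagged frame carries no security label
    return tci & 0x0FFF  # drop the PCP (3 bits) and DEI (1 bit) fields


def decide(frame: bytes, dst_vid: int) -> str:
    """Return 'forward', 'downgrade' or 'drop' for a frame headed to dst_vid."""
    src_vid = parse_vlan_id(frame)
    if src_vid not in LEVELS or dst_vid not in LEVELS:
        return "drop"  # unlabelled or unknown domain: fail closed
    if LEVELS[src_vid] <= LEVELS[dst_vid]:
        return "forward"  # BLP: information may flow to an equal or higher level
    if (src_vid, dst_vid) in DOWNGRADE_ALLOWED:
        return "downgrade"  # reverse flow, only through the agent's release path
    return "drop"


def make_frame(vid: int, payload: bytes = b"data") -> bytes:
    """Build a constructed 802.1Q-tagged IPv4 frame for the demo."""
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    tag = struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload


if __name__ == "__main__":
    for src, dst in [(10, 30), (30, 20), (30, 10)]:
        print(src, "->", dst, decide(make_frame(src), dst))
```

Untagged frames and frames from unknown VLANs are dropped, so a virtual machine cannot bypass the check by omitting the tag.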