Research And Implementation Of Security Enhancement Technology For Private Cloud Platform Virtualization

Posted on: 2016-08-26
Degree: Master
Type: Thesis
Country: China
Candidate: C Y Han
GTID: 2298330467993040
Subject: Information security

Abstract/Summary:
Cloud computing has changed the way IT services are delivered and is profoundly influencing the development of society. Private cloud, community cloud, public cloud and hybrid cloud providers now serve people's daily lives. With the rapid development of cloud computing, however, its security issues have come into focus. Virtualization technology is the basis of cloud computing, and its security directly affects the reliability of the entire computing platform.

This paper studies security enhancement technology for the private cloud platform. First, we analyze the security threats to the cloud platform. From an analysis of current research, we conclude that the key to securing the cloud platform is keeping the virtual machine monitor secure. Our research therefore focuses on the security isolation of virtual machines; the main method is to use the Mandatory Access Control (MAC) mechanism to enhance the security of virtual machine deployment, increasing the safety of the private cloud computing platform at the IaaS level. Second, we introduce the key technologies of private cloud computing and access control mechanisms, including the Virtual Machine Monitor (VMM) of cloud computing, the virtualization management library libvirt, OpenStack, OS access control mechanisms, and the Linux security module. Third, we implement security isolation for virtual machine deployment based on the mandatory access control mechanism SMACK and libvirt in the QEMU/KVM virtual environment, so that under mandatory access control a guest virtual machine can access only its own resources, giving strong isolation between virtual machines. Our work provides a lightweight MAC-based security isolation method for virtual machine deployment and establishes a secure migration channel for virtual machine migration. Finally, we perform experiments, including virtual machine isolation testing, migration testing, performance testing and OpenStack integration testing. The experiments show that the prototype system achieves the desired effect: strong isolation between guest virtual machines at the IaaS level of cloud computing.
Keywords/Search Tags: virtualization, hypervisor, isolation protection, Mandatory Access Control