
Research On Security Protection In Multi-domain Environment Of Virtualization

Posted on: 2015-12-09
Degree: Master
Type: Thesis
Country: China
Candidate: R Lou
GTID: 2308330482479140
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of information technology, cloud platforms have come into wide use, and virtual machines have inevitably become a target for attackers. Computer systems face increasingly serious security threats. Attack methods are growing more diverse and their scope broader, so traditional security mechanisms have difficulty meeting the security demands of current computer systems. Combining trusted computing with virtualization helps solve the security problems of virtual machines and provides the safeguards they need to play a larger role in more fields. This has become a hot spot of current research.

To enhance the security and stability of the environment in which a virtual system runs, two issues must be considered together: the security of the security unit itself, and the protection of the guest operating system. The isolation property of virtualization can be used to place the security unit outside the target system, which ensures its own security. Dynamic detection performed by the security unit from outside the target system provides more effective protection for the guest operating system. A collaborative virtualization platform offers high I/O processing performance and low communication overhead. On that basis, this dissertation constructs a protection mechanism for the virtual multi-domain environment, aimed at improving the protective capability of the virtualization system. The main contents of this dissertation are:

(1) We analyse the security requirements of the collaborative virtualization platform and summarize the problems in existing research. Combining trusted computing with virtualization, and starting from the two aspects of system boot and the running process, we design an overall security protection framework based on the collaborative virtualization platform.

(2) Using trusted computing features, we build the chain of trust and continually extend the trusted base to achieve trusted bootstrap and kernel start. We then apply the vTPM structure to the collaborative VMM to accomplish the boot of the virtual machine, which addresses the length problem of the trust chain on the collaborative virtualization platform. In this way we realize trusted boot of the virtual multi-domain system and provide a secure initial environment for protection during the running stage.

(3) We propose a dynamic detection mechanism based on multi-domain cooperation and multi-level authentication. Using the characteristics of the virtualization platform, we place the security modules in three different environments, which can effectively detect abnormal system states at run time. Even if the security module inside the target system has been bypassed, our system can continue monitoring from outside the target system while remaining well concealed, so that malicious activity cannot escape monitoring by the security mechanism.

Test results show that the proposed protection mechanism guarantees trusted boot of the system, which provides a secure initial condition for dynamic detection. It also effectively detects abnormalities while the virtual machine is running. These results ensure the security of the virtual multi-domain environment throughout its whole course. The mechanism achieves the expected protection with low overhead.
Keywords/Search Tags: virtualization-based security system, multi-domain environment, trusted computing, multi-level authentication, dynamic detection, system call