Research And Implementation On Xen Virtual Machine Memory Security Isolation Technology

Currently cloud computing is entering a rapid growth era, through the use of virtualization, distributed technology, more and more sensitive data will also be migrated to the cloud,therefore,the demand of cloud security requirements will also increase.Virtualization technology through Virtual Machine Manager, for the real computing environment abstraction and simulation on a single physical host a plurality of virtual hardware environment, complete with a virtual machine by running the same functionality as a real computer hardware in the virtual environment, running on the same physical machine with multiple virtual machines dependent on a real physical hardware environment. Based on the characteristics of virtualization technology in multi-tenant cloud environments, virtual machine manager must isolate different virtual hardware environments used by different users, in order to meet the basic needs of the cloud system and data security.For virtualized environment itself between the structural system memory map and virtual machine features, presents a privileged domain(Domain0, referred Dom0) and general domain(DomainU, referred DomU, i.e. user domain) memory can be configured between isolation method to achieve privileged domain and general memory isolation between domains; expansion under Xen platform XSM(Xen Security Module) security architecture on Xenstore achieve shared storage between the ordinary and the ordinary domain security domain isolation.Under Virtual Environment between Dom0 and DomU, memory and security isolation technology DomU between DomU prevent attacks from inside the virtual machine and exploit unauthorized access memory, so as to enhance the security of virtual machines running and the data on the basis of the prior art nature, creating a more secure virtualized cloud environments. To achieve the common memory information security domain isolation, to ensure common domain running memory information reliability and confidentiality while enhancing general memory information management domain maintainability.