Network Device Isolation Based On Virtualization Technology

In recent years,the computer plays an increasingly important role in people's lives,as we live,learn and work to provide a more convenient,people can get information,work,leisure and communication via computer.Operating system as the most central part of a computer,safety and stability is very important.According to the latest statistics,the driver code accounted for more than half of the total amount of code of the operating system,and the vast majority of crashes are caused by drivers of the operating system.Therefore,driver safety has become more and more important,how to write secure driver and effectively protect the driver program error does not affect the system kernel has become an important topic of research in computer science.In recent years,with the rapid development of virtualization technology,in particular the emergence of hardware virtualization technology to address driver safety and stability provided new ideas and methods.This article is through a combination of hardware virtualization technology proposed devices and device driver as a whole isolated to the virtual machine in use.Virtual machines can really provide complete isolation of space and resources for the driver,so that even if a driver fails or there are loopholes will only affect virtual machine without affecting the host kernel,he main work and innovation are as follows:1.Based on the current domestic and foreign for driver protection related technology research and analysis,summed up the currently adopted three ways:1)language to write a driver for enhanced;2)lower privilege level of the device driver;3)isolate the driver,and isolated from the kernel module and virtual machines in two ways.And describes the advantages and disadvantages of these three way.2.The network device isolation system based on hardware virtualization technology is proposed,and network devices and network adapter device driver as a whole isolation to virtual machines,avoiding the disadvantages of the driver isolation is not enough.The network device driver in the virtual machine provides the sending and receiving function of the network data for the host.3.In order to improve the transmission efficiency of the network data between the host and the virtual machine,we use the paravirtualized device to establish direct communication between the host and virtual machines.Paravirtualized virtual machine's memory device will provide information to the host,based on the information directly into the data to the receive buffer virtual machine to complete the transfer of data.