| With the improving of modern computer hardware,virtualization technology develops rapidly.Xen is becoming more and more popular as its reliable,requiring fewer system resources,open source and so on.Expecially in recent years,Inter and AMD provide support for virtualization in hardware,which makes Xen support Full Virtualization and greatly promote the development of Xen.Not only normal enterprise and individuals,but also bank and government use virtulization technology more rapidly.Classified department also keep pace with times to use virtulization technology for its advantages,but on the other hand there are more and more challenges for virtulization technology.In the classified department,security is the most important challenge.We should conforms with its security regulations and try to not affect user's habits.This paper further study the virtulization technology of Xen,blktap2 drive, transparent encryption technology,access control model,it focus on the basic mechanism of Xen,the working process of blktap2 drive,implemention principle of transparent encryption and classical access control model.For the lack of data protection in high level of security environment and based on the feature of private data and shared data,it realizes a solution:Firstly,encrypt transparently for private data,which means it will auto encrypt and decrypt when user operate the disk file,but user can't realize the encryption and decryption.And we reserve interfaces of encryption and decryption so that we can change the way of encryption and decryption when it is needed. Secondly,the access control on shared data can make user access the data in ther permission.And it adds multi-server authentication module to improve the security and reliability.I build a Xen-based virtulization test platform based on testing need and do the function and performance test.The result of test implys that this system protects user's data effectively,it can meet the need of data protection in high-level security environment. |
PDF Full Text Request