Journal of University of Electronic Science and Technology of China, Issue (1): 117-122, 6. DOI: 10.3969/j.issn.1001-0548.2015.01.020
A Kernel Integrity Protection Technology Based on Virtual Machine
Abstract
To address kernel integrity threats to virtual machines in cloud computing environments, this paper proposes a virtual machine kernel integrity protection technology, the cloud trusted virtual machine (CTVM). CTVM creates a virtual trusted execution environment in the kernel-based virtual machine (KVM), endows multiple virtual machines with a trusted computing function at the same time, and provides guest virtual machines with integrity measurement capability. Using hardware virtualization technology, it constructs an isolated address space in guest virtual machines to isolate untrusted kernel modules from the operating system kernel, thereby protecting the boot integrity and runtime integrity of guest virtual machines. Finally, a CTVM prototype system is implemented with a domestic server as the experimental platform. System tests and analysis show that the system performance loss is within an acceptable range.
Keywords
integrity / kernel / KVM / trusted computing / virtual machine
Classification
Information Technology and Security Science
Cite this article
ZHANG Lei, CHEN Xingshu, LIU Liang, LI Hui. A Kernel Integrity Protection Technology Based on Virtual Machine [J]. Journal of University of Electronic Science and Technology of China, 2015, (1): 117-122, 6.
Funding
National Natural Science Foundation of China (61272447); National Key Technology R&D Program of China (2012BAH18B05)