Research on a Virtual Machine Isolation Mechanism Based on Privilege Separation and Time Locks
Published: 2018-01-04 17:06
Keywords: Research on a Virtual Machine Isolation Mechanism Based on Privilege Separation and Time Locks. Source: PLA Information Engineering University, 2013 master's thesis. Thesis type: degree thesis
Related topics: virtual machine security, virtual machine isolation, noninterference theory, isolation model, least privilege, privilege separation, temporal isolation
[Abstract]: Virtualization is receiving ever more attention from the IT industry: it breaks the tight coupling between computer software and hardware, raises resource utilization and lowers maintenance cost. At the same time, virtual machine security problems have become increasingly prominent and are now one of the major challenges for the development of virtualization.

In a typical virtual machine architecture, a virtual machine monitor (VMM) is introduced to virtualize the hardware into multiple isolated sets of virtual resources, which are provided to the virtual machines (VMs) built on top of it. To simplify the design, the system usually also contains a management VM that manages the other VMs and provides device-driver support, such as Dom0 in Xen and the host Linux in KVM; it holds higher privileges than the user VMs. The security of a user VM therefore depends on the security of both the VMM and the management VM. The shortcomings of this structure are:
(1) the privileges of the management VM are overly concentrated;
(2) VMs sharing the same hardware platform may gain unauthorized access to one another;
(3) the trusted computing base (TCB) on which user VM security depends is too large, which makes securing it difficult.

An effective technical route to improving VM security is therefore to shrink the system's TCB, reduce and disperse the privileges of the management VM, and keep each VM independent and secure. Compared with writing a vulnerability-free operating system, strengthening the isolation between the domains of an existing VM system, so that the impact of a compromise cannot spread, is a simpler and more effective way to raise system security.

This thesis proposes a time-lock isolation model based on noninterference theory, and then gives the design of a VM spatial isolation mechanism based on privilege separation and a VM temporal isolation mechanism based on time locks. Together they shrink the TCB of user VMs, disperse the privileges of the management VM and strengthen access isolation between VMs. The main work is as follows:

(1) A time-lock isolation model based on noninterference theory. Using the definitions of trusted computing and noninterference theory, a time-lock mechanism is proposed: a process of an untrusted domain is allowed to access a trusted domain; for the duration of that access, the untrusted-domain processes that could interfere with the accessing process are locked, and they are unlocked when the access ends. A security proof of the access policy is given on the basis of noninterference theory.

(2) A VM spatial isolation mechanism based on privilege separation. The traditional Dom0 is split by privilege: the vulnerability-prone device drivers are moved out into a separate driver domain, and the privileges that affect user privacy are separated out into a DomU management domain. What remains is a Thin Dom0 responsible only for creating and managing user domains. The privilege separation mechanism redistributes the system's privileges; after separation the code size of the system's trusted domain is greatly reduced and security is improved, which lays the foundation for the temporal isolation model.

(3) A VM temporal isolation mechanism based on time locks. After privilege separation, accesses from untrusted domains to trusted domains still exist in the system; the time-lock mechanism is applied to these accesses to achieve temporal isolation. The accesses between Thin Dom0 and DomU, and between the other virtual domains, are analyzed separately and the corresponding temporal isolation designs are given.

(4) Implementation study of privilege separation and time locks on the Xen platform. Based on the open-source Xen project, the spatial isolation mechanism is implemented for each domain of the system through privilege separation, and the temporal isolation mechanism is implemented with time locks for the access paths between the separated virtual domains.

Finally, security verification and performance tests are carried out on the system. The results show that the proposed security mechanisms effectively improve system security, and that the performance overhead is within an acceptable range.
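To make the time-lock policy of items (1) and (3) concrete, here is a small executable model, added as an illustration; it is not code from the thesis and not Xen code. It assumes, as a simplification, that a domain's processes share one request buffer, that the processes able to interfere with an access are the other processes of the same untrusted domain, that a trusted domain's "view" is the log of what it observed, and that noninterference is checked purge-style: the trusted view of a trace must equal the trusted view of the same trace with the interfering processes' actions removed. The domain and process names (ThinDom0, DomU_a, p1, p2) and the trace are constructed for the example.

```python
"""Toy model of the time-lock policy (constructed example, not the thesis's formal model).

Assumptions: a domain's processes share the domain's buffer; interferers of an
access are the other processes of the accessing process's untrusted domain; the
trusted domain's view is its log; noninterference is checked purge-style.
"""
from dataclasses import dataclass, field


@dataclass
class Domain:
    name: str
    trusted: bool
    shared: str = ""                                 # buffer shared by the domain's processes
    log: list = field(default_factory=list)          # what a trusted domain observes


@dataclass
class Process:
    name: str
    domain: Domain
    locked: bool = False
    deferred: list = field(default_factory=list)     # actions held back while locked


class TimeLockSystem:
    def __init__(self, domains, processes, enforce_lock=True):
        self.domains = {d.name: d for d in domains}
        self.procs = {p.name: p for p in processes}
        self.enforce_lock = enforce_lock
        self.active = {}                             # accessor name -> processes it locked

    def interferers(self, accessor):
        # ASSUMPTION: only processes of the same untrusted domain can interfere.
        return [p for p in self.procs.values()
                if p is not accessor and p.domain is accessor.domain]

    def run(self, trace):
        """Execute a trace of (actor, op, *args); return every trusted domain's view."""
        for actor, op, *args in trace:
            proc = self.procs[actor]
            if proc.locked:
                proc.deferred.append((op, args))     # time lock: hold the action until unlock
            else:
                self.execute(proc, op, args)
        return {d.name: list(d.log) for d in self.domains.values() if d.trusted}

    def execute(self, proc, op, args):
        if op == "write":                            # update the domain's shared buffer
            proc.domain.shared = args[0]
            return
        target = self.domains[args[0]]
        if not (target.trusted and not proc.domain.trusted):
            raise ValueError("time lock governs untrusted -> trusted accesses only")
        if op == "begin":                            # access starts: lock the interferers
            if self.enforce_lock:
                self.active[proc.name] = self.interferers(proc)
                for q in self.active[proc.name]:
                    q.locked = True
            target.log.append(("begin", proc.name))
        elif op == "use":                            # trusted domain consumes the buffer
            target.log.append(("data", proc.name, proc.domain.shared))
        elif op == "end":                            # access ends: unlock, replay deferred actions
            target.log.append(("end", proc.name))
            for q in self.active.pop(proc.name, []):
                q.locked = False
                pending, q.deferred = q.deferred, []
                for dop, dargs in pending:
                    self.execute(q, dop, dargs)
        else:
            raise ValueError(f"unknown op {op!r}")


def purge(trace, actors):
    """Drop every action of the given actors (the noninterference 'purge')."""
    return [step for step in trace if step[0] not in actors]


def build_system(enforce_lock):
    # Constructed names: one trusted Thin Dom0, one untrusted user domain with
    # two processes sharing that domain's request buffer.
    thin_dom0 = Domain("ThinDom0", trusted=True)
    domu = Domain("DomU_a", trusted=False)
    p1, p2 = Process("p1", domu), Process("p2", domu)
    return TimeLockSystem([thin_dom0, domu], [p1, p2], enforce_lock)


# Constructed trace: p1 prepares a request and accesses ThinDom0; p2 tries to
# overwrite the shared buffer in the middle of that access (a TOCTOU attempt).
TRACE = [
    ("p1", "write", "req-A"),
    ("p1", "begin", "ThinDom0"),
    ("p2", "write", "req-B"),      # the interfering action
    ("p1", "use", "ThinDom0"),
    ("p1", "end", "ThinDom0"),
]


def trusted_view(enforce_lock, trace=TRACE):
    return build_system(enforce_lock).run(trace)


def noninterference_holds(enforce_lock, trace=TRACE, interferers=("p2",)):
    """Purge-style check: trusted view of the full trace == view of the purged trace."""
    full = trusted_view(enforce_lock, trace)
    purged = trusted_view(enforce_lock, purge(trace, set(interferers)))
    return full == purged


if __name__ == "__main__":
    print("with time lock   :", trusted_view(True)["ThinDom0"], noninterference_holds(True))
    print("without time lock:", trusted_view(False)["ThinDom0"], noninterference_holds(False))
```

With the lock enforced, p2's write is deferred until p1's access ends, so ThinDom0 records "req-A" whether or not p2 acts and the purge check passes; with enforcement switched off, p2's write lands between p1's begin and use, ThinDom0 records "req-B", and the check fails. That failing case is exactly the interference the time lock is meant to rule out.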
[Degree-granting institution]: PLA Information Engineering University
[Degree level]: Master's
[Year awarded]: 2013
[Classification number]: TP302
Article number: 1379289
Article link: http://sikaile.net/kejilunwen/jisuanjikexuelunwen/1379289.html