本文選題：虛擬化 + 監(jiān)控　； 參考：《西安電子科技大學(xué)》2014年碩士論文

【摘要】：虛擬化的自身安全問題與虛擬化技術(shù)的快速發(fā)展如影隨形。虛擬機(jī)上磁盤數(shù)據(jù)的安全關(guān)乎整個虛擬系統(tǒng)能否正常運行。在實踐和理論上，虛擬機(jī)和物理機(jī)器有著無法忽視的差別，一些傳統(tǒng)的監(jiān)控技術(shù)難以應(yīng)用和推廣。因此，需要將監(jiān)控技術(shù)和虛擬技術(shù)有機(jī)結(jié)合起來。在這種現(xiàn)實情況下，基于虛擬化平臺的磁盤文件監(jiān)控技術(shù)走進(jìn)了人們的視線。 本文具體研究Xen硬件虛擬化平臺的實現(xiàn)，Linux內(nèi)核以及虛擬文件系統(tǒng)。針對實時性監(jiān)控和細(xì)粒度監(jiān)控的問題，以運行在Xen硬件虛擬化平臺上的類Unix或Linux操作系統(tǒng)為前提，提出了一種新的監(jiān)控方法，設(shè)計了一種新型的磁盤文件監(jiān)控系統(tǒng)。該系統(tǒng)主要包括四個模塊：監(jiān)控模塊、信息發(fā)送模塊、監(jiān)聽模塊和安全模塊。監(jiān)控模塊部署在DomU，實時監(jiān)控DomU中所有涉及改變磁盤文件內(nèi)容及屬性的操作并產(chǎn)生監(jiān)控信息；信息發(fā)送模塊和監(jiān)聽模塊實現(xiàn)DomU和Dom0之間通信；安全模塊部署在安全級別較高的Dom0以避免自身受到攻擊的威脅，，保證信息發(fā)送模塊和監(jiān)控模塊運行時的安全。 本文詳細(xì)闡述各個模塊的設(shè)計和具體實現(xiàn)，對系統(tǒng)進(jìn)行了測試并完成結(jié)果評估。
[Abstract]:The security of virtualization itself is closely related to the rapid development of virtualization technology. The security of disk data on virtual machine relates to whether the whole virtual system can run normally. In practice and theory, the difference between virtual machine and physical machine can not be ignored, and some traditional monitoring techniques are difficult to be applied and popularized. Therefore, it is necessary to combine monitoring technology with virtual technology. In this kind of reality, the disk file monitoring technology based on virtualization platform has come into the sight of people. This paper studies the implementation of Xen hardware virtualization platform Linux kernel and virtual file system. Aiming at the problems of real-time monitoring and fine-grained monitoring, a new monitoring method is proposed based on Unix-like or Linux operating system running on Xen hardware virtualization platform. A new disk file monitoring system is designed. The system consists of four modules: monitoring module, information sending module, monitoring module and security module. The monitoring module is deployed in Domu, real-time monitoring all operations related to changing the contents and attributes of disk files in Domu and generating monitoring information, and the information sending module and listening module realize communication between DomU and Dom0. The security module is deployed in Dom0 with high security level to avoid the threat of attack on itself and to ensure the security of the message sending module and monitoring module. The design and implementation of each module are described in detail. The system is tested and evaluated.
【學(xué)位授予單位】：西安電子科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP277;TP333

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 崔國華;周榮華;粟栗;;關(guān)于MD5強(qiáng)度分析的研究[J];計算機(jī)工程與科學(xué);2007年01期

本文編號：2099313