Abstract
This paper analyses the operating principle of the network gatekeeper (physical isolation gap) and the problems encountered in its application. To build a more efficient security isolation and data exchange system, it proposes a model for a security isolation and information exchange system based on a virtual machine monitor (VMM) architecture. Taking the Xen VMM as the basis, it discusses how the model is implemented: the Xen virtual machine architecture provides security isolation between different guest OS domains, and Xen's hypercall, asynchronous event and inter-domain shared memory access mechanisms, together with the access control module (ACM) implemented inside the VMM, enforce the controlled information exchange policy between security domains, achieving controlled data exchange between different guest OS domains. The analysis concludes that the model offers sufficient security isolation together with efficient, zero-memory-copy data exchange, and is of significant reference value for applications.
This paper discusses network gatekeeper technology and proposes a security domain isolation and data exchange model based on a virtual machine monitor (VMM). An implementation framework of this model based on Xen is then described, and a solution for security isolation between different security domains based on the Xen structure is given. Using Xen's hypercall, asynchronous event and shared-memory access mechanisms between guest OSes, together with the ACM module in Xen, controlled data exchange between the OSes of different domains is implemented. The security isolation and favourable data switching features of this model are discussed, indicating that the model is a valuable application reference for future work.
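The exchange path the abstract describes (policy check in the VMM, then shared-page mapping and an asynchronous notification) as an added illustration; this is constructed simulation code, not the paper's or Xen's own implementation. The class names, the `hc_*` hypercall names and the rule that two domains may share only if they hold a common type (modelled on the simple type enforcement idea of Xen's sHype ACM) are assumptions made for this example.

```python
"""Constructed model of a VMM-mediated, ACM-controlled zero-copy exchange.
All names here are assumptions for illustration, not Xen's real API."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Domain:
    dom_id: int
    ste_types: frozenset          # type labels carried by the guest domain

class AccessControlModule:
    """Hypervisor-resident policy point consulted before any sharing."""
    def __init__(self):
        self.audit = []           # (src, dst, decision): reviewable trail
    def sharing_allowed(self, src, dst):
        ok = bool(src.ste_types & dst.ste_types)   # common type required
        self.audit.append((src.dom_id, dst.dom_id, "permit" if ok else "deny"))
        return ok

class Hypervisor:
    """Simulated VMM: grant table, event channel and ACM hook behind hypercalls."""
    def __init__(self):
        self.acm = AccessControlModule()
        self.grants = {}          # grant ref -> (owner, grantee, page)
        self.pending = {}         # dom_id -> list of (src dom_id, grant ref)
    def hc_grant(self, owner, grantee, page):
        """Hypercall: owner offers a page to grantee, subject to ACM policy."""
        if not self.acm.sharing_allowed(owner, grantee):
            raise PermissionError(f"ACM denied {owner.dom_id}->{grantee.dom_id}")
        ref = len(self.grants)
        self.grants[ref] = (owner.dom_id, grantee.dom_id, page)
        return ref
    def hc_map(self, dom, ref):
        """Hypercall: grantee maps the page; the same object is returned (no copy)."""
        owner, grantee, page = self.grants[ref]
        if dom.dom_id != grantee:
            raise PermissionError("grant was not issued to this domain")
        return page
    def hc_notify(self, src, dst, ref):
        """Asynchronous event: tell dst that data is waiting behind grant ref."""
        self.pending.setdefault(dst.dom_id, []).append((src.dom_id, ref))

def exchange(hv, sender, receiver, payload):
    """Full path grant -> notify -> map -> read; returns what the receiver saw."""
    page = bytearray(payload)             # sender's buffer in its own memory
    ref = hv.hc_grant(sender, receiver, page)
    hv.hc_notify(sender, receiver, ref)
    src, got_ref = hv.pending[receiver.dom_id].pop(0)
    mapped = hv.hc_map(receiver, got_ref)
    assert mapped is page                 # the VMM made no copy of the data
    return bytes(mapped)
```

A domain labelled with both types acts as the exchange gateway; a direct grant between domains with no common type is refused by the ACM and recorded in its audit trail.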
Source
《信息安全与通信保密》
2011, No. 11, pp. 73-76 (4 pages)
Information Security and Communications Privacy