期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

一种基于互信的特权分离虚拟机安全模型研究 被引量:1

Separate privilege virtual machine security model based on mutual trust
下载PDF
导出
摘要 虚拟机的安全问题一直是关注的热点。传统管理域Dom0权限过大,使用户的隐私受到威胁;同时,攻击者一旦攻破Dom0,会给所有用户带来威胁。针对这些问题,提出一种基于互信的特权分离(MTSP)安全模型,对Dom0的特权进行分割,将漏洞较多的设备驱动独立出来,形成驱动域;把影响用户隐私的操作分离,为每个用户创建一个DomU管理域;其余的形成Thin Dom0。系统的启动需要用户和虚拟机监控器共同来完成,起到相互制约的作用。结合该模型,给出了原型实现,并且进行了安全性分析及性能测试。结果表明,该模型可以有效地保护用户隐私,分散安全风险,并且隔离故障。 Virtual machine security issues have been the focus of attention. The permissions of traditional management domain Dom0 are too large, so that the user' s privacy is threatened. At the same time, once the attacker compromises Dora0, it can threaten all the users. This paper presented a separate privilege virtual machine security model based on mutual trust( MTSP). It split Dom0' s privileges into three parts : the device driver, forming the isolated driver domain ; the Operations of the user' s privacy, forming a DomU management domain; remaining forming Thin Dom0. It achieved the startup of the system by the VMM and user together restricting each other. Combined with the model, the prototype system was implemented and security analysis and performance testing were done. It can protect the users' privacy, apportion the risk and isolate fault.
作者 禹聪 李立新 王魁 余文涛
机构地区 信息工程大学密码工程学院
出处 《计算机应用研究》 CSCD 北大核心 2013年第9期2784-2787,共4页 Application Research of Computers
关键词 互信 特权分离 虚拟机安全 安全模型 mutual trust separation of privilege virtual machine security security model
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献11

  • 1Xen guest root escapes to DomO via PyGrub, CVE-2007-4993 [ EB/ OL]. http ://www. securityfocus, com/bid/25825.
  • 2Integer overflows in libext2fs in e2fsprogs, CVE- 2007- 5497 [ EB/ OL]. http ://www. securityfocus, com/bid/26772.
  • 3Buffer overflow in the backend of XenSouree Xen paravirtualized frame buffer, CVE- 2008- 1943 [ EB/OL ]. http ://www. seeurityfocus, corn/ bid/29183.
  • 4HVM destroy P2M host DoS Xen HVM guest P2M teardown denim of service vulnerability,CVE-2012-3433[EB/OL], http://www, secu- rityfocus, com/bid/54942.
  • 5IBM Corporation. Xen users' manual [EB/OL]. http://bits_xen- source, com/Xen/docs/User, pdf.
  • 6LI Chun-xiao, ANAND R, NIRAJ K. Secure virtual machine execu- tion under an untrusted management OS[ C]//Proc of the 3rd IEEE International Conference on Cloud Computing. 2010 : 172-179.
  • 7ZHANG Feng-zhe, CHEN Jin, CHEN Hai-bo, et al. CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization[ C]//Proc of the 23rd Symposium on Operating Systems on Operating Systems Principles. New York: ACM Press, 2011:203-216.
  • 8Trusted Computing Group. TPM main specification version 1.2 [ EB/ OL ]. http ://www. trustedcomputinggroup, org.
  • 9BERGER S, CACERES R, GOLDMAN K, et al. vTPM : virtualizing the trusted platform module [ C]//Proe of the 15th Conference on USENIX Security Symposium. Berkeley : USENIX Association ,2006.
  • 10Applied Data Security Group. What is trustedGRUB [ EB/OL]. ht- tp ://www. prosec, de/trusted_grub, html.

同被引文献6

引证文献1

二级引证文献1

计算机应用研究
2013年 第9期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部