摘要
虚拟桌面系统与传统PC桌面系统结构的不同,导致其在保证安全机制自身可信的同时,也会带来"语义差别"和效率降低等问题。提出了一种安全虚拟机完整性监控机制SVMIM(security virtual machine integrity monitor)。SVMIM采用混杂模式的安全结构,基于可信计算技术对虚拟桌面系统的代码加载过程进行监视和控制,有效克服"语义差别"问题,并保证安全机制自身的可信;同时,SVMIM基于虚拟桌面网络引导机制,在网络存储端使用存储克隆技术,最大程度地降低安全机制对系统性能的影响。系统性能分析和基于SVMIM原型系统进行的实验表明,该技术是可行的,并且相对于传统的虚拟桌面安全保障方案具有较大的性能优势。
The difference in structure between virtual desktop system and traditional PC desktop system causes "semantic differences" and efficiency issues, when improving the trust level of the security mechanisms of virtual desktop system. A security virtual machine integrity monitor (SVMIM) was build based on network bootstrap mechanism. SVMIM adopted a hybrid security structure, monitored and controlled the loading process of executable files in virtual desktop systems, which could effectively overcome the shortcomings of "semantic gap" and ensure the trustworthiness of security mechanism. In addition, SVMIM used storage clone technology on network storage to reduce the impact of security mechanism to the system performance. The performance testing on SVMIM prototype and the performance analysis showed its flexibility and advantage.
出处
《四川大学学报(工程科学版)》
EI
CAS
CSCD
北大核心
2014年第1期29-34,共6页
Journal of Sichuan University (Engineering Science Edition)
基金
国家"973"重点基础研究发展规划资助项目(2007CB307101)
教育部高等学校博士学科点专项科研基金资助项目(20120009110007)
教育部高校创新团队项目(IRT201206)
2012年铁道部科技研究开发计划资助项目(2012X010-B)
关键词
虚拟桌面
可信平台
完整性度量
存储克隆
virtual desktop
trusted platform
integrity measurement
storage clone
