一种可配置的虚拟机内存隔离方法

A Configurable Method for Virtual Machine MemoryIsolation

针对虚拟化环境自身体系结构和虚拟机之间内存映射的特点,提出一种特权域和普通域间可配置的内存隔离方法,实现对普通域内存信息的安全性隔离,在保证普通域运行过程内存信息可靠性和秘密性的同时,增强普通域内存信息管理的可维护性。

Based on the virtualized environment architecture and memory mapping between virtual machines, a configu-rable method for preventing the privileged domain from accessing to user domain^ memory is proposed. The method implements the security isolation between domains, memory, and this not only guarantees memory reliability and confidentiality during domain process execution, but also enhances the maintainability of domain’s memory management.