Abstract
System isolation is a key enabling technology for the overall reliability and scalability of computer systems. Traditional system isolation is built on privilege layering, known as the "layered isolation model": software is divided into layers whose privilege decreases from bottom to top, and the lower, higher-privileged layer is responsible for isolating the less-privileged software above it. Recently, as new hardware extensions have continued to emerge, including hardware-assisted virtualization, ARM TrustZone, and Intel SGX (Software Guard Extensions), a new model, the "disaggregated isolation model", has become a hot research topic, bringing new opportunities and challenges to traditional system software.
Source
Journal of Shanghai Jiaotong University
Indexed in: EI, CAS, CSCD, PKU Core
2018, Issue 10, pp. 1339-1347 (9 pages)
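Funding
Supported by the National Key Research and Development Program of China (2016YFB1000104) and the National Natural Science Foundation of China (61732010, 61572314)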
Keywords
isolation
operating system
virtualization
hardware security extension