计算机系统隔离研究

Research on Computer System Isolation

系统隔离是计算机系统整体可靠性、可扩展性的重要支撑技术.传统的系统隔离基于权限构建的层次隔离模型,在设计上将软件分为不同层次,层次由下而上权限不断降低,底层高权限软件层负责对上层低权限软件进行隔离.近年来,随着硬件层不断涌现出硬件辅助虚拟化、ARM TrustZone、Intel SGX(Software Guard Extension)等新技术,离散隔离模型渐渐成为研究热点,为传统的系统软件带来了诸多机遇和挑战.

System isolation is a key enabling technology for reliability and scalability of computer system.Traditional system isolation is based on privilege layering,which is known as"layered isolation model".Software is divided into different layers,the lower layer has the higher privilege,which is responsible for the isolation of up-layer software.Recently,as new hardware extensions keep evolving,including hardware assisted virtualization,ARM TrustZone,Intel SGX(Software Guard Extension),a new model,named"disaggregated isolation model",is becoming a hot research topic,which brings new opportunities and challenges to traditional system software.