Abstract: This paper analyzes the security of the Virtual Machine Monitor (VMM) and, using the open source virtualization software Xen, examines its potential threats and vulnerabilities, such as tampering with hypercalls and malicious I/O direct memory access. It designs and implements a method that undermines the stability of a virtual machine by modifying Xen VCPU state information, and it gives concrete countermeasures: computing check values over critical data structures to detect an intrusion promptly, or forbidding module loading outright to eliminate all security problems that modules might introduce.
Key words: Virtual Machine Monitor (VMM), security, hypercall, direct memory transmission, Virtual CPU (VCPU)
JIN Wei, LI Ming-Lu, WENG Chu-Liang. Security Analysis of Virtual Machine Monitor[J]. Computer Engineering, 2011, 37(15): 116-118, 121.