作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2012, Vol. 38 ›› Issue (08): 224-227. doi: 10.3969/j.issn.1000-3428.2012.08.073

• 工程应用技术与实现 • 上一篇    下一篇

基于虚拟化的系统安全增强及显卡透传研究

侯建宁1,董贵山1,王 银1,申 娅2   

  1. (1. 中国电子科技集团公司第三十研究所,成都 610041;2. 成都卫士通信息产业股份有限公司,成都 610041)
  • 收稿日期:2011-07-14 出版日期:2012-04-20 发布日期:2012-04-20
  • 作者简介:侯建宁(1978-),男,工程师,主研方向:信息安全,虚拟化技术,网络安全;董贵山,高级工程师、博士;王 银、申 娅,工程师

Research on System Security Enhancement and Graphics Card Pass-through Based on Virtualization

HOU Jian-ning 1, DONG Gui-shan 1, WANG Yin 1, SHEN Ya 2   

  1. (1. The 30th Institute of China Electronics Technology Group Corporation, Chengdu 610041, China; 2. Westone Information Industry Inc., Chengdu 610041, China)
  • Received:2011-07-14 Online:2012-04-20 Published:2012-04-20

摘要: 针对个人终端操作系统安全问题,提出一种基于系统虚拟化技术的操作系统安全增强模型,研究提高该模型下KVM虚拟机显示性能的显卡透传技术。实验结果表明,显卡透传技术能够克服虚拟机客户操作系统的显示性能缺陷,使得客户机操作系统能够像真实操作系统一样满足图形显示与处理的应用,适用于终端安全领域。

关键词: 系统虚拟化技术, 系统安全增强, KVM虚拟机, 显卡透传, 直接地址映射, PCI配置空间

Abstract: For security issue of personal terminal operating system, this paper proposes a security enhancement model based on the system virtualization technology on operating system, and in-depth study implementation of graphics card pass-through technology to improve virtual machine performance, based on Kernel-based Virtual Machine(KVM) virtual machine. Experimental results show that graphics card pass-through technology can breakthrough display performance bottlenecks of the virtual machine client operating system. This technology can make client operating system meet the graphics and processing applications as a real operating system, and can expand more space for development of terminal security field.

Key words: system virtualization technology, system security enhancement, Kernel-based Virtual Machine(KVM) virtual machine, graphics card pass-through, direct address mapping, PCI configuration space

中图分类号: