作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2011, Vol. 37 ›› Issue (15): 116-118,121. doi: 10.3969/j.issn.1000-3428.2011.15.036

• 安全技术 • 上一篇    下一篇

虚拟机监视器的安全性分析

金 伟,李明禄,翁楚良   

  1. (上海交通大学计算机科学与工程系,上海 200240)
  • 收稿日期:2011-03-16 出版日期:2011-08-05 发布日期:2011-08-05
  • 作者简介:金 伟(1984-),男,硕士研究生,主研方向:虚拟化技术;李明禄,教授、博士、博士生导师;翁楚良,副教授、博士
  • 基金资助:
    国家“973”计划基金资助项目(2007CB310900);国家自然科学基金资助项目(90612018, 90715030, 60970008)

Security Analysis of Virtual Machine Monitor

JIN Wei, LI Ming-lu, WENG Chu-liang   

  1. (Department of Computer Science and Engineering, Shanghai Jiaotong University, Shanghai 200240, China)
  • Received:2011-03-16 Online:2011-08-05 Published:2011-08-05

摘要: 分析虚拟机监视器的安全性能,结合开源虚拟化软件Xen分析其潜在威胁和漏洞,如超级调用、I/O直接内存传输等。设计并实现一种通过修改Xen VCPU状态信息来破坏虚拟机稳定性的方法,同时给出具体的防范措施,如可以对关键数据结构计算其校验值,及时发现是否被入侵,也可以直接禁止模块的加载,避免一切可能由模块带来的安全性问题。

关键词: 虚拟机监视器, 安全性, 超级调用, 直接内存传输, 虚拟CPU

Abstract: This paper aims to explore the security of the Virtual Machine Monitor(VMM), combined with open source virtualization software Xen to analyze the potential threats and vulnerabilities, such as tampering with hypercalls, malicious direct memory access. It designs and implements a way to undermine the stability of virtual machine by modifying VCPU state and meanwhile give countermeasures, such as verifying critical data structures to discover whether it is invaded, or forbidding the loading of module to eliminate all possible security risks posed by the module.

Key words: Virtual Machine Monitor(VMM), security, hypercall, direct memory transmission, Virtual CPU(VCPU)

中图分类号: