Research on a Virtual Machine Isolation Mechanism Based on Privilege Separation and Time Locks
Published: 2018-01-04 17:06
Keywords of this paper: Research on a virtual machine isolation mechanism based on privilege separation and time locks. Source: PLA Information Engineering University, 2013 master's thesis. Paper type: degree thesis.
More related articles: virtual machine security; virtual machine isolation; noninterference theory; isolation model; least privilege; privilege separation; time isolation
【Abstract (translated from the Chinese original)】: Virtualization technology is receiving growing attention from the IT industry: it breaks the tight dependency between computer software and hardware, raises resource utilization and lowers maintenance costs. At the same time, the security problems of virtual machines have become increasingly prominent and are now one of the major challenges to their development.

In a typical virtual machine architecture, a virtual machine monitor (VMM) is introduced to virtualize the physical resources into multiple isolated sets, which are provided to the virtual machines (VMs) built on top of it. To simplify the design, the system usually also contains a management VM that manages the other VMs and provides device-driver support, such as Dom0 in Xen and the host Linux in KVM; these hold higher privileges than user VMs. The security of a user VM thus depends on the security of the VMM and of the management VM. This structure has the following shortcomings: (1) the privileges of the management VM are too concentrated; (2) VMs sharing a hardware platform may access each other beyond their authority; (3) the trusted computing base on which user VM security depends is too large, so ensuring its own security is difficult.

Therefore, an effective technical route to better virtual machine security is to shrink the system's trusted computing base, reduce and distribute the privileges of the management VM, and keep each VM independent and secure. Compared with writing an operating system that has no vulnerabilities, strengthening the isolation between the domains of an existing virtual machine system, so that a security compromise cannot spread, is a simpler and more effective way to improve system security.

This thesis proposes a time-lock isolation model based on noninterference theory, and then gives the design of a space isolation mechanism for virtual machines based on privilege separation and a time isolation mechanism based on time locks, which reduce the TCB of user VMs, distribute the privileges of the management VM, strengthen access isolation between VMs and improve the security of the system. The main work covers the following aspects:

(1) A time-lock isolation model based on noninterference theory is proposed. Using the definitions of trusted computing and noninterference theory, a time-lock mechanism is proposed: a process in an untrusted domain is allowed to access a trusted domain; during the access, the untrusted-domain processes that interfere with this process are locked, and when the access ends the lock is released. A security proof of the access policy is given according to noninterference theory.

(2) A space isolation mechanism for virtual machines based on privilege separation is proposed. The traditional Dom0 is split by privilege: the device drivers, which are prone to security vulnerabilities, are separated out to form an independent driver domain, and the privileges that affect user privacy are separated out to form a DomU management domain. After the separation Dom0 becomes a Thin Dom0 that is responsible only for operations such as creating and managing user domains. The privilege separation mechanism redistributes the system's privileges; the amount of code in the system's trusted domain is greatly reduced, security is improved, and the foundation for realizing the time isolation model is laid.

(3) A time isolation mechanism for virtual machines based on time locks is proposed. After privilege separation, accesses from untrusted domains to trusted domains still exist in the system; the time-lock mechanism is used to isolate these accesses in time. The accesses between Thin Dom0 and DomU and between the other virtual domains are analyzed, and the corresponding time isolation designs are given.

(4) The implementation of the privilege separation and time-lock mechanisms is studied on the Xen platform. Based on the open-source Xen project, the implementation of the space isolation mechanism is studied by applying privilege separation to each domain of the system; for the accesses between the separated virtual domains, the implementation of the time isolation mechanism is studied using the time-lock mechanism. Finally, security verification and performance testing of the system are carried out; the results show that the proposed security mechanisms effectively improve the security of the system, and that the performance overhead stays within an acceptable range.
[Abstract]: Virtualization technology is receiving growing attention from the IT industry: it breaks the tight dependency between computer software and hardware, raises resource utilization and lowers maintenance costs. At the same time, the security problems of virtual machines have become increasingly prominent and are now one of the major challenges to their development.
In a typical virtual machine architecture, a virtual machine monitor (VMM) is introduced to virtualize the physical resources into multiple isolated sets, which are provided to the virtual machines (VMs) built on top of it. To simplify the design, the system usually also contains a management VM that manages the other VMs and provides device-driver support, such as Dom0 in Xen and the host Linux in KVM; these hold higher privileges than user VMs. The security of a user VM therefore depends on the security of both the VMM and the management VM. This structure has the following shortcomings:
(1) the privileges of the management VM are too concentrated;
(2) VMs that share a hardware platform may access each other beyond their authority;
(3) the trusted computing base (TCB) on which user VM security depends is too large, so ensuring its own security is difficult.
Therefore, an effective way to improve virtual machine security is to shrink the system's TCB, reduce and distribute the privileges of the management VM, and keep each VM independent and secure. Compared with writing an operating system free of vulnerabilities, strengthening the isolation between the domains of an existing virtual machine system, so that a security compromise cannot spread, is a simpler and more effective way to improve system security.
This thesis proposes a time-lock isolation model based on noninterference theory, and then presents the design of a space isolation mechanism for virtual machines based on privilege separation and a time isolation mechanism based on time locks. Together they reduce the TCB of user VMs, distribute the privileges of the management VM, strengthen access isolation between VMs and improve the security of the system. The main work covers the following aspects:
(1) A time-lock isolation model based on noninterference theory is proposed.
Using the definitions of trusted computing and noninterference theory, a time-lock mechanism is proposed: a process in an untrusted domain is allowed to access a trusted domain; for the duration of that access the untrusted-domain processes that interfere with it are locked, and when the access ends the lock is released. A security proof of the access policy is given according to noninterference theory.
(2) A space isolation mechanism for virtual machines based on privilege separation is proposed.
The traditional Dom0 is split by privilege: the device drivers, which are prone to security vulnerabilities, are separated out to form an independent driver domain, and the privileges that affect user privacy are separated out to form a DomU management domain. After the separation Dom0 becomes a Thin Dom0 that is responsible only for operations such as creating and managing user domains. The privilege separation mechanism redistributes the system's privileges; the amount of code in the system's trusted domain is greatly reduced, security is improved, and the foundation for realizing the time isolation model is laid.
(3) A time isolation mechanism for virtual machines based on time locks is proposed.
After privilege separation, accesses from untrusted domains to trusted domains still exist in the system; the time-lock mechanism is used to isolate these accesses in time. The accesses between Thin Dom0 and DomU, and between the other virtual domains, are analyzed, and the corresponding time isolation designs are given.
(4) The implementation of the privilege separation and time-lock mechanisms is studied on the Xen platform.
Based on the open-source Xen project, the implementation of the space isolation mechanism is studied by applying privilege separation to each domain of the system; for the accesses between the separated virtual domains, the implementation of the time isolation mechanism is studied using the time-lock mechanism.
Finally, security verification and performance testing of the system are carried out. The results show that the proposed security mechanisms effectively improve the security of the system, while the performance overhead remains within an acceptable range.
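The time-lock policy in points (1) and (3) can be made concrete with a small executable model. The following is an added illustration, not code from the thesis or from Xen: the domain names (ThinDom0, DomU1 to DomU3), the three processes and the interference relation between them are constructed for the example, and "trusted" simply marks the side of the access that the lock protects, as in the abstract. It shows the two properties the abstract claims: only the untrusted processes that interfere with the accessing process are locked (an unrelated untrusted process keeps running), and with the lock in place the trusted domain's observations during the access no longer depend on what the interfering process does, which is the noninterference condition; without the lock that condition fails.

```python
"""Toy model of the time-lock access policy sketched in the abstract.

Added illustration, not code from the thesis or from Xen. Domain names,
processes and the interference relation are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

Event = Tuple[str, str, str]  # (process, domain acted upon, action)


@dataclass
class TimeLockSystem:
    trusted: Set[str]                 # domains on the trusted side of an access
    domain_of: Dict[str, str]         # process -> the domain it belongs to
    interferes: Dict[str, Set[str]]   # process -> processes that could interfere with it
    locked: Set[str] = field(default_factory=set)
    active: Dict[str, Set[str]] = field(default_factory=dict)  # accessor -> processes it locked
    trace: List[Event] = field(default_factory=list)

    def begin_access(self, proc: str, target: str) -> Set[str]:
        """Start a time-locked access of `proc` (untrusted domain) to `target`
        (trusted domain). Only untrusted processes that interfere with `proc`
        are locked; unrelated untrusted processes keep running."""
        if self.domain_of[proc] in self.trusted or target not in self.trusted:
            raise ValueError("time lock applies to untrusted -> trusted accesses only")
        to_lock = {q for q in self.interferes.get(proc, set())
                   if self.domain_of[q] not in self.trusted}
        self.locked |= to_lock
        self.active[proc] = to_lock
        return to_lock

    def end_access(self, proc: str) -> None:
        """Finish the access and release exactly the processes it locked."""
        self.locked -= self.active.pop(proc)

    def step(self, proc: str, target: str, action: str) -> bool:
        """Scheduler step: `proc` tries to act on `target`. Locked processes do not run."""
        if proc in self.locked:
            return False
        self.trace.append((proc, target, action))
        return True

    def trusted_view(self) -> List[Event]:
        """What the trusted side observes: the events directed at trusted domains."""
        return [e for e in self.trace if e[1] in self.trusted]


def build_system() -> TimeLockSystem:
    # Constructed configuration: p2 shares a resource with p1 and so interferes
    # with p1's access; p3 is an unrelated untrusted process.
    return TimeLockSystem(
        trusted={"ThinDom0"},
        domain_of={"p1": "DomU1", "p2": "DomU2", "p3": "DomU3"},
        interferes={"p1": {"p2"}},
    )


def run_scenario(use_time_lock: bool, interferer_active: bool) -> List[Event]:
    """p1 (DomU1) accesses ThinDom0 in two steps; in between, the scheduler
    offers the CPU to p2 (interfering) and p3 (unrelated). Returns the
    trusted view of the run."""
    s = build_system()
    if use_time_lock:
        s.begin_access("p1", "ThinDom0")
    schedule: List[Event] = [("p1", "ThinDom0", "read-config")]
    if interferer_active:
        schedule.append(("p2", "ThinDom0", "write-config"))
    schedule += [("p3", "DomU3", "local-compute"), ("p1", "ThinDom0", "read-config")]
    for ev in schedule:
        s.step(*ev)
    if use_time_lock:
        s.end_access("p1")
    return s.trusted_view()


def noninterference_holds(use_time_lock: bool) -> bool:
    """Purge-style check: the trusted view must be the same whether or not the
    interfering process acted during the access."""
    return run_scenario(use_time_lock, True) == run_scenario(use_time_lock, False)


def lock_scope() -> Tuple[Set[str], Set[str]]:
    """Processes locked during p1's access, and processes still locked after it."""
    s = build_system()
    during = set(s.begin_access("p1", "ThinDom0"))
    s.end_access("p1")
    return during, set(s.locked)


def unrelated_process_runs_during_access() -> bool:
    """An untrusted process that does not interfere with p1 is not locked."""
    s = build_system()
    s.begin_access("p1", "ThinDom0")
    ran = s.step("p3", "DomU3", "local-compute")
    s.end_access("p1")
    return ran


if __name__ == "__main__":
    print("noninterference without time lock:", noninterference_holds(False))  # False
    print("noninterference with time lock:   ", noninterference_holds(True))   # True
    print("locked during / after access:", lock_scope())  # ({'p2'}, set())
```

The `interferes` relation is the input a real implementation would derive from shared resources (the thesis leaves that analysis to the per-domain access study); the model only shows that, given such a relation, locking its members for the duration of the access is what makes the trusted view independent of them.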
【Degree-granting institution】: PLA Information Engineering University
【Degree level】: Master
【Year degree awarded】: 2013
【Classification number】: TP302
Article ID: 1379289
Link: http://www.sikaile.net/kejilunwen/jisuanjikexuelunwen/1379289.html