本文選題：虛擬化技術(shù) + 嵌入式��； 參考：《南京理工大學(xué)》2013年碩士論文

【摘要】：隨著嵌入式系統(tǒng)在互聯(lián)網(wǎng)中的應(yīng)用日益普遍,系統(tǒng)的安全問題越來越成為人們關(guān)注的焦點,引入虛擬化來解決安全問題也成為嵌入式領(lǐng)域研究的熱點問題。隨著嵌入式硬件性能的不斷提升,虛擬化技術(shù)和嵌入式的結(jié)合也成為可能。國外的公司和大學(xué)也在積極地投入大量的人力和財力對嵌入式虛擬化技術(shù)進(jìn)行研究。嵌入式虛擬化技術(shù)將會給嵌入式領(lǐng)域帶來巨大變化,值得關(guān)注。 本文在全面完整地回顧虛擬化技術(shù)的相關(guān)理論和技術(shù)基礎(chǔ)上,提出了應(yīng)用在嵌入式系統(tǒng)中的虛擬化安全方案,設(shè)計并實現(xiàn)了基于Xen的隔離安全模型,論文的主要工作如下： (1)對當(dāng)前嵌入式系統(tǒng)和Linux內(nèi)核面臨的威脅進(jìn)行了詳細(xì)的綜述,同時從實現(xiàn)層次和技術(shù)角度分類地介紹了虛擬化技術(shù),最后闡述了嵌入式虛擬化技術(shù)在解決以上安全問題的優(yōu)勢。 (2)對Xen體系結(jié)構(gòu)和實現(xiàn)方法進(jìn)行了詳細(xì)的綜述,闡述了將Xen應(yīng)用在ARM上的思想。 (3)通過與Xen傳統(tǒng)實踐模型對比,提出了基于Xen的隔離安全模型,同時闡述了隔離各組成模塊的功能。最后在此基礎(chǔ)上實現(xiàn)了隔離安全模型。 (4)針對緩沖區(qū)溢出漏洞,對Xen傳統(tǒng)模型和隔離模型進(jìn)行對比攻擊實驗,從側(cè)面說明隔離模型在保護(hù)系統(tǒng)安全方面的突出優(yōu)勢。 論文最后分析了已有研究中存在的不足,并對未來的研究內(nèi)容進(jìn)行了展望。
[Abstract]:With the increasingly common application of embedded systems in the Internet, the security of the system has become the focus of attention, the introduction of virtualization to solve security issues has become a hot issue in the field of embedded research. With the continuous improvement of embedded hardware performance, the combination of virtualization technology and embedded system becomes possible. Foreign companies and universities are also actively investing a lot of human and financial resources to research embedded virtualization technology. Embedded virtualization technology will bring great changes to the embedded field, which deserves attention. Based on a comprehensive review of the relevant theories and technologies of virtualization technology, this paper proposes a virtualization security scheme applied in embedded systems, and designs and implements an isolated security model based on Xen. The main work of this paper is as follows: (1) the threats to embedded system and Linux kernel are summarized in detail, and virtualization technology is introduced from the aspects of implementation level and technology. Finally, the advantages of embedded virtualization in solving the above security problems are described. (2) the architecture and implementation of Xen are summarized in detail. The idea of applying Xen to arm is expounded. (3) by comparing with the traditional Xen model, the isolation security model based on Xen is put forward, and the function of isolating each component module is expounded. Finally, the isolation security model is implemented. (4) aiming at buffer overflow vulnerability, the Xen traditional model and isolation model are compared with each other to illustrate the outstanding advantages of isolation model in protecting system security. At the end of the paper, the shortcomings of the existing research are analyzed, and the future research contents are prospected.
【學(xué)位授予單位】：南京理工大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2013
【分類號】：TP368.1;TP316.81

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 張煥國;羅捷;金剛;朱智強;余發(fā)江;嚴(yán)飛;;可信計算研究進(jìn)展[J];武漢大學(xué)學(xué)報(理學(xué)版);2006年05期

，

本文編號：2103759