Abstract
A novel data integrity security mechanism for policy files in a kernel-based virtual machine system is proposed to address two problems of the hypervisor (also called the virtual machine monitor): the integrity of dynamic policy files cannot be checked in kernel space, and the hypervisor cannot guarantee the integrity of policy files stored in user space. The mechanism adopts an improved policy-storing method to protect the integrity of stored policy files, and periodically checks the integrity of dynamic policy files to satisfy their security requirements. Experiments indicate that the mechanism moderately increases the hypervisor's workload, but it guarantees the integrity of both dynamic and stored policy files and improves the security of the hypervisor.
Source
Computer Engineering and Design (《计算机工程与设计》)
CSCD
Peking University Core Journal
2014, Issue 1, pp. 17-20 (4 pages)
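Funding
National Natural Science Foundation of China project (60903191)
Shanghai Outstanding Technical Leaders Program fund project (13XD1425100)
Shanghai Natural Science Foundation project (11ZR1418500)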