Xen-oriented memory sharing security isolation method for virtual machines

A memory sharing security isolation technology, applied in the field of virtualization security, that addresses the incomplete memory isolation between virtual machines while keeping good usability.

Inactive Publication Date: 2015-04-29
706 INST SECOND RES INST OF CHINA AEROSPACE SCI & IND +1

AI Technical Summary

Problems solved by technology

All virtual machines in Xen share physical memory. Although Xen theoretically isolates the memory of each virtual machine through means such as multi-level page tables, the memory isolation mechanism provided by Xen still has many imperfections and cannot achieve complete isolation in the true sense.


Embodiment Construction

[0024] The following describes the implementation in detail in conjunction with the flow chart. It should be emphasized that the following description is only exemplary, and is not intended to limit the scope of the present invention and its application.

[0025] In Xen, security isolation of memory access is realized through the authorization table (Xen's grant table) mechanism, and security isolation of memory sharing can be realized by extending the existing ACM management mechanism.

[0026] The principle of the scheme is shown in Figure 2. First, when a memory sharing request occurs, the access to the authorization table is intercepted. The extended ACM control then verifies the validity of the authorization operation. If the verification passes, the operation is allowed to proceed; if it does not pass, the operation is rejected. The security isolation of memory sharing between virtual...
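The intercept-then-verify flow of [0026], as an added user-space model in C; it is not code from the patent or from Xen. All names, the domain labels, and the type-based sharing rule are assumptions made for illustration, since the page only says that "specific access control rules" are applied.

```c
#include <stddef.h>
#include <stdint.h>

/* User-space model; every name is hypothetical, not Xen's or the patent's. */
#define MAP_READONLY 0x1u  /* constructed flag: mapper requests read-only access */
#define TYPE_RO_ONLY 0x4u  /* assumed rule: this type permits read-only sharing only */

struct dom_label { uint16_t domid; uint32_t types; };

/* Constructed sample policy: one sharing-type bitmask per labelled domain. */
static const struct dom_label policy[] = {
    { 1, 0x1 },        /* dom1: type A */
    { 2, 0x1 | 0x4 },  /* dom2: type A and the read-only type */
    { 3, 0x2 },        /* dom3: type B */
    { 4, 0x4 },        /* dom4: the read-only type */
};

static const struct dom_label *lookup(uint16_t domid)
{
    for (size_t i = 0; i < sizeof(policy) / sizeof(policy[0]); i++)
        if (policy[i].domid == domid)
            return &policy[i];
    return NULL;
}

/* Policy decision: 0 = allow, -1 = deny. Unlabelled domains are denied. */
static int acm_check_share(uint16_t granter, uint16_t mapper, uint32_t flags)
{
    const struct dom_label *g = lookup(granter), *m = lookup(mapper);
    if (g == NULL || m == NULL)
        return -1;                      /* default deny */
    uint32_t common = g->types & m->types;
    if (common == 0)
        return -1;                      /* no common type: isolation holds */
    if (common == TYPE_RO_ONLY && !(flags & MAP_READONLY))
        return -1;                      /* writable map where only read-only is allowed */
    return 0;
}

static unsigned denied_count;           /* audit counter for rejected requests */
/* Interception point: the check runs before the caller maps anything. */
int grant_map(uint16_t granter, uint16_t mapper, uint32_t flags)
{
    if (acm_check_share(granter, mapper, flags) != 0) {
        denied_count++;
        return -1;                      /* rejected: the page is never mapped */
    }
    return 0;                           /* released: caller proceeds to map the page */
}
```

The default-deny branch is the part that matters for isolation: a domain with no label cannot share memory at all, so a missing policy entry fails closed.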


Abstract

The invention discloses a Xen-oriented memory sharing security isolation method for virtual machines. It belongs to the technical field of virtualization security and specifically concerns improving the security of memory sharing for Xen virtual machines. The method targets the open-source virtual machine software Xen. It analyzes Xen's existing memory sharing mechanism and, without affecting the normal use of Xen's other functions, extends Xen's security framework XSM (Xen Security Modules) with an additional mandatory access control module. Memory sharing permission is checked whenever memory is about to be shared, and only memory sharing operations that meet specific access control rules are authorized, which achieves the purpose of monitoring the security of memory sharing between virtual machines.

Description

Technical field

[0001] The invention belongs to the technical field of virtualization security, and in particular relates to a security isolation method for Xen-oriented virtual machine memory sharing.

Background technique

[0002] With the continuous expansion of cloud computing application fields, virtualization technology, as a research hotspot in the field of cloud computing, is also constantly moving forward. Xen is currently one of the most widely used virtualization technologies and has received extensive attention. Memory sharing in Xen virtual machines is a very common operation that can greatly improve the efficiency of data transmission. All virtual machines in Xen share physical memory. Although Xen theoretically isolates the memory of each virtual machine through means such as multi-level page tables, the memory isolation mechanism provided by Xen still has many imperfections and cannot achieve complete isolation in the true...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/62, G06F21/74
CPC: G06F21/54, G06F2221/2141
Inventor: 刘刚, 王润高, 张继业, 王斌
Owner: 706 INST SECOND RES INST OF CHINA AEROSPACE SCI & IND