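Institution: Department of Electronic Engineering, School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University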
Source: Computer Engineering and Design (《计算机工程与设计》), 2014, No. 1, pp. 17-20 (4 pages)
Abstract: This paper addresses two problems with policy files in a hypervisor (also called a virtual machine monitor): the integrity of dynamic policy files cannot be checked in kernel space, and the hypervisor cannot guarantee the integrity of the policy files stored in user space. To tackle them, an integrity security mechanism for policy files in a kernel-based virtual machine system is implemented. The mechanism adopts an improved policy-file storage scheme to store policy files securely, and periodically checks the integrity of dynamic policy files to safeguard their integrity. Experimental results show that the mechanism moderately increases the running load of the virtualized system, but effectively guarantees the integrity of both dynamic and stored policy files and improves the security of the system.
Keywords: virtual machine monitor; policy file; data integrity; verification; security
Field: [Automation and Computer Technology]