基于XEN虚拟监控器的安全访问控制技术研究

上海交通大学硕士学位论文基于XEN虚拟监控器的安全访问控制技术研究姓名：范晓光申请学位级别：硕士专业：计算机技术指导教师：邓倩妮;朱世交20091101IXENXENFlaskXENXENXENXENIITheSecurityAccessControlofXENHypervisorABSTRACTWiththegrowingofcomputerscience,upgradingoftheoperatingsystem,thesecurityofnetworkandinformationhavebecomemoreandmoreimportant.Thus,thesecurityissuesfacewithgreatchallenges.BasedonXENhypervisor,westudydeeplywithitsSeHypermodule.Andcombinewithrelevantcharacteristic,weanalyzethestructureofthesecuritycontrolmodule.Themainworksofthepaperareasfollowing:Firstofall,weintroducethestatusofvirtualizationtechnology,listthethreemajorHypervisormodules,analyzethekeyfeaturesofthevirtualizationtechnology,pointoutthesecurityrisksintheHypervisor,andlisttheprevalencesecuritycontrolmodule.Secondly,basedontheXEN,wedeeplystudyitsSeHyper.Analyzehowtoaddsecuritycontrolwhenvirtualmachineaccesstherelevantresource.AndmakeclearwiththeprocessesofSeHypersecuritycontrolmechanismandthedependencybetweensecurityhooks,securitypolicymanagerandpolicydecisionmanager.Finally,wesetuptheexperimentenvironment,makethetestcasesandanalyzethetestresults.ItturnsouttobethatSeHypermakealittleslowdowntosystemperformance.Butthebenchmarkcanbeacceptable.AndtheSeHypercanimprovealittleefficiencyforthesystemcache.KEYWORDS:XEN,SeHyper,AccessControlIIIAbbreviationsFullspellingChineseexplanationACMAccessControlModuleCISCComplexInstructionSetComputerCWChineseGreatWallDACDiscretionaryAccessControlHMCHardwareManagementConsoleISAInstructionSetArchitectureMACMandatoryAccessControlMMUMemoryManagementUnitSeHyperSecurityHypervisorTETypeEnforementTLBTranslationlookasidebufferULMUserLevelMonitorVMVirtualMachine11.1206020IBMM44/44x[1]:IBM7044IBMVM/370[1]1-1HypervisorHypervisorHostMachineHypervisorVirtualMachinePP1PnP2OperatingSystemHardwarePlatformP1PnOperatingSystemHardwarePlatformVirtualMachineMonitor(Hypervisor)P1PnOperatingSystemVM1VM2A.ClassicalviewofOperatingSystemB.ViewofVMM1-1Fig.1-1Transformationformclassicoperatingsystemtovirtualmachine2IBM8090[2]x86200540IC[2]1.2x86x86AMDx86x86x86x86x86x861.2.1IBM,HPIntel3IT50099%IDC20101503/450075062%4%64CPUX861.2.21-21.34[1][3](DAC)[3]DACSeLinux[3]Linux[3][3][3]Hypervisor5HypervisorHypervisor[3]SeHyperHypervisorSeHyper[3]1.4XENXEN6SeHyperSeHyperSeHyperHypervisor7HypervisorHypervisorI/OHypervisorXENVMWareKVMHypervisor2.1HypervisorHypervisor2.1.1ComputerArchitecture----ISAInstructionSetArchitectureISACISCRISCEPICISAPopekGoldberg[2]IA-32IA-64IA-32IA-64IAIntelArchitecture[4]IntelIntel3280868088801868028680286i386i486x86i486intelHypervisor8x86IAIA-32Intel32IA-64Intel64IA-32IA-32CISCComplexInstructionSetComputerCISC[4]IntelHP64----EPICExplictParallelInstrutionComputingIntelEPICIA-64ItaniumItaniumIA-32ItaniumIA-64IA-32IA-32EL(IA-32ExecutionLayer)[4]ItaniumIA-32AMD64x86-64x646432x86AMDAMD64Athlon64Athlon64FXAthlon64X2Turion64OpteronSempronAMDAMD64Intelx86-32x86RISCDECAlpha64DirkMeyerAMD64AMDAlphaAMD64:SSE2SSE3(NX-bit):AMD64(No-Execute,NX)BufferOverflowAMD64AMDIntel16Intel80863280386x8664AMD64IA-32641632x86AMD64NXbitDECAlpha64RISCHypervisor9x86x86Alphax86AMD64x8664x862.1.2HypervisorHypervisor2-1HypervisorOS-HostedHypervisorHypervisorStand-aloneHypervisorHypervisorHybridHypervisorUserApplicationsUserApplicationsUserLevelMonitorDeviceModelsDeviceModelsVMGuestOSandAppsGuestOSandAppsDriverDriverHostOSRing0HypervisorRing0HypervisorDeviceDeviceVM1VM2GuestOSandAppsGuestOSandAppsHypervisorDevicesDevicesGuestOSandAppsGuestOSandAppsDeviceModelDeviceModelDriverDriverServiceVMVMGuestOSandAppsGuestOSandAppsU-HypervisorDevicesDevicesServiceVMServiceVMUserLevelMonitorUserLevelMonitor2-1HypervisorFig.2-1ClassicHypervisorsoftwarearchitecture2.1.2.1HypervisorHypervisorHypervisorHypervisorHypervisorOSRing0HypervisorUserLevelMonitorULM[5]HypervisorCPUHypervisorHypervisor10OSOSVMCPUHypervisorVMHypervisorULMULMVMI/OVMI/OHypervisorI/OHypervisorHypervisorHypervisorHypervisorHypervisorHypervisorHypervisorCPUHypervisor---Hypervisor2.1.2.2HypervisorVMHypervisorStand-aloneHypervisorHypervisor2-1I/OVM[6]HypervisorVMVMI/OHypervisorVMI/OI/OHypervisorI/OI/OHypervisorI/OVMI/OHypervisorHypervisorHypervisor11HypervisorVMI/OHypervisorI/OI/OHypervisorI/OHypervisorI/OHypervisorHypervisorI/OHypervisorVMHypervisor2.1.2.3HypervisorHypervisorOSHypervisorHypervisorHybridHypervisor[8]2-1HypervisorHypervisor2Hypervisor-hypervisorCPUI/OVMServiceVMVMHypervisorHypervisorI/OHypervisorHypervisorVMVMHypervisor,VMDMAIntelI/OVT-d[8]I/OXENVM2.1.3HypervisorHypervisorHypervisorVirtualMachineI/OHypervisorHypervisor12HypervisorVMWareIA-32[4]Hypervisor[2]2.1.3.1CPUCPUCPUGoldberg[2]IA-32I/OCPUProtectionRingsLevel0Level2Level3Level4OperatingsystemkernelOperatingsystemservicesApplications2-2IA-32Fig.2-2PrivilegeprotectionmechanismofIA-32architectureHypervisor13IA-32GoldbergIA-32RingCurrentPrivilegeLevelCPL032-2IA-32Ring0Ring3IA-32intiretIA-32SegmentationandPagingI/OCPUIA-3216224IA-32HypervisorHypervisorVMHypervisorVMVMGoldberg[2]HypervisorVMVMVMsensitiveinstructionHypervisor1)VM2)sensitiveregistersIA-323)VM4)I/ORobinIrvine[3]PentiumPentiumVMHypervisor14