Chinese Journal of Network and Information Security ›› 2016, Vol. 2 ›› Issue (10): 17-28. doi: 10.11959/j.issn.2096-109x.2016.00091

• Review •

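Virtualization security: opportunities, challenges and the future

Yu-tao LIU, Hai-bo CHEN

  1. Institute of Parallel and Distributed Systems, Shanghai Jiaotong University, Shanghai 200240
  • Revised: 2016-09-27 Online: 2016-10-01 Published: 2020-03-17
  • About the authors: Yu-tao LIU (1989-), male, born in Longyan, Fujian, is a Ph.D. student at Shanghai Jiaotong University; his main research interests are operating systems, virtualization security and mobile phone security. | Hai-bo CHEN (1982-), male, born in Shaoyang, Hunan, is a professor and doctoral supervisor at Shanghai Jiaotong University; his main research interests are system software, system architecture and system security.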

Virtualization security: the good, the bad and the ugly

Yu-tao LIU, Hai-bo CHEN

  1. Institution of Parallel and Distributed Systems, Shanghai Jiaotong University, Shanghai 200240, China
  • Revised:2016-09-27 Online:2016-10-01 Published:2020-03-17

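Abstract (translated from the Chinese):

With the popularity of cloud computing, virtualization security has received widespread attention. By introducing an additional layer of abstraction, virtualization provides a stronger level of isolation for the whole system and offers a series of bottom-up security services to upper-level software. On the other hand, the increased complexity and the performance loss that this abstraction brings pose great challenges to research on virtualization security. This paper introduces a series of representative work done in recent years by the Institute of Parallel and Distributed Systems, Shanghai Jiaotong University, in the field of virtualization security, including using virtualization to provide security services such as trusted execution environments, virtual machine monitoring and intra-domain isolation, as well as results on optimizing the trusted computing base and cross-world calls of the virtualization environment, and summarizes the problems and directions for exploration in current and future virtualization security.

Key words: virtualization security, trusted execution environment, virtual machine introspection, intra-domain isolation, trusted computing base, cross-world call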

Abstract:

Virtualization security has drawn increasingly widespread attention with the spread of cloud computing in recent years. Thanks to another level of indirection, virtualization can provide stronger isolation mechanisms, as well as bottom-up security services for upper-level software. On the other hand, the extra indirection also brings complexity and overhead, which poses huge challenges. A series of recent representative works done by the Institute of Parallel and Distributed Systems, Shanghai Jiaotong University, is introduced, including providing security services such as trusted execution environment, virtual machine monitoring and intra-domain isolation, as well as optimizing the trusted computing base and cross-world calls in the virtualization environment. Finally, the problems and directions in the space of virtualization security are summarized.

Key words: virtualization security, trusted execution environment, virtual machine introspection, intra-domain isolation, trusted computing base, cross-world call
