The emergence of virtualization technology changes the computer architecture and brings new solutions to traditional security problems. A common virtual machine monitor such as Xen can provide multiple execution environments and keep them isolated from each other, so applications with different security demands can be deployed into different guest operating systems. Because the virtual machine monitor runs with higher privilege, security components can be set up inside it to monitor the events happening inside a virtual machine. However, a traditional virtual machine monitor suffers obvious problems when it is applied on client machines. The performance penalty of virtualization, with full virtualization costing at least 20% performance degradation, leads to a poor user experience on the client. Even though virtualization can bring a better security guarantee, client users will not adopt it. Targeting this problem, the concept of a light-weight virtual machine monitor is proposed. A light-weight virtual machine monitor relies on hardware-assisted virtualization and serves only one operating system. It provides no device drivers and cannot create further virtual machines, so its code base is much smaller than that of a common virtual machine monitor. At the same time, a light-weight virtual machine monitor can be implanted into the running operating system and revoked dynamically, which maximally preserves the user experience.
A light-weight virtual machine monitor holds higher privilege than the operating system. With a shadow page table mechanism integrated, and following the characteristics of hardware-assisted virtualization, it transparently monitors the events happening in the guest operating system and achieves the goals of security and user experience at the same time. To verify the efficiency of the light-weight virtual machine monitor, this thesis targets two common security problems: keeping the integrity of the Linux kernel, and protecting keyboard I/O on the Windows operating system even when the OS kernel has been compromised by a kernel-level keyboard recorder.
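The kernel-integrity use of the shadow page table mechanism described above, reduced to a toy model in C. This is an added example, not code from the thesis: the four-page address space, the `kernel_text_pfn` marking of frames at implant time, and the deny-and-count fault policy are assumptions. The guest's own page table may grant write access to a kernel-text frame, but the MMU walks the shadow table the monitor built, so the write faults into the monitor instead of landing.

```c
#include <stdbool.h>
#include <stdint.h>

#define PTE_PRESENT 0x1u
#define PTE_WRITE   0x2u
#define PAGE_SHIFT  12
#define NPAGES      4   /* toy address space: 4 virtual pages, 4 physical frames */

/* Page table: index = virtual page number, entry = (pfn << PAGE_SHIFT) | flags. */
typedef struct { uint32_t pte[NPAGES]; } pagetable_t;
/* Monitor state: shadow table, which frames hold kernel text (assumed marked
   when the monitor is implanted), and a count of writes it has denied. */
typedef struct { pagetable_t shadow; bool kernel_text_pfn[NPAGES]; int trapped_writes; } vmm_t;

/* Rebuild the shadow table from the guest's: same mappings, but the write bit
   is cleared on every frame holding kernel text, whatever the guest set. */
void vmm_sync_shadow(vmm_t *vmm, const pagetable_t *guest) {
    for (uint32_t v = 0; v < NPAGES; v++) {
        uint32_t e = guest->pte[v], pfn = e >> PAGE_SHIFT;
        if ((e & PTE_PRESENT) && pfn < NPAGES && vmm->kernel_text_pfn[pfn])
            e &= ~PTE_WRITE;
        vmm->shadow.pte[v] = e;
    }
}

/* A guest store. The MMU walks the shadow table, so a write the guest's own
   table permits still faults into the monitor. Returns true if it landed. */
bool guest_write(vmm_t *vmm, uint8_t *phys, uint32_t vaddr, uint8_t val) {
    uint32_t e = vmm->shadow.pte[(vaddr >> PAGE_SHIFT) % NPAGES];
    if (!(e & PTE_PRESENT) || !(e & PTE_WRITE)) {
        vmm->trapped_writes++;   /* the monitor's fault handler: deny and count */
        return false;
    }
    phys[((e >> PAGE_SHIFT) << PAGE_SHIFT) | (vaddr & 0xFFFu)] = val;
    return true;
}

/* Scenario: frame 1 holds kernel text. The guest maps it writable at page 1 (as a
   kernel-level keylogger patching the kernel would) plus a data frame at page 2. */
int demo_kernel_text_protection(void) {
    static uint8_t phys[NPAGES << PAGE_SHIFT];
    vmm_t vmm = {0};
    vmm.kernel_text_pfn[1] = true;
    pagetable_t guest = {{ 0, (1u << PAGE_SHIFT) | PTE_PRESENT | PTE_WRITE,
                              (2u << PAGE_SHIFT) | PTE_PRESENT | PTE_WRITE, 0 }};
    vmm_sync_shadow(&vmm, &guest);
    guest_write(&vmm, phys, 0x1010, 0x90);   /* kernel text: trapped */
    guest_write(&vmm, phys, 0x2010, 0x41);   /* data page: allowed */
    return vmm.trapped_writes;               /* 1: only the patch attempt */
}
```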