Xen Virtual Disk Encryption System Design Based On The Technology Of VT-X

With the rapid development of computer technology and the Internet technology,cloud office no longer stays in the conceptual stage. Many large enterprises andcompanies have begun building internal network-integrated office systems. Thevirtualization technology is an important prerequisite to realize the cloud-office concept.A server can hold many virtual machines and run many GuestOS in parallel. The userjust needs to use a thin client to connect the server can enjoy the office environment likein PC. In this way, the companies can both save costs and improve resource utilizationrate.Xen is based on x86architecture and favored by various cloud service providers. Itis an open source virtualization technology product which has a fastest-growing, stableperformance, and takes up the least resources. Citrix Company launched virtual desktopproduct called “Virtual Desktops” completely using Xen kernel virtualization solution.Xen itself does not take much into account to the needs of the security isolation, so thereare many security risks in it. For example, the user’s virtual disk mirror is completelystored in clear text, which easily leads to the problem of leakage of user’s data; User’sremote operations are not encrypted, which are easyly to be intercepted.This thesis focuses on the virtual disk technology in Xen VT-x virtualizationsolutions, abd find out the way to encrypt the data of virtual disks. Based on these jobs,we designed and implemented a Xen virtual disk encryption system. With this system,the virtual disk image file can be stored in the form of ciphertext, and can prevent itfrom being illegallt parsed.In this thesis, we design and implement a Xen virtual disk encryption system. Wehave done the following works.(1) We design a centralized key management server to manage user’s identityinformation, which can assure the safety of user’s keys.(2) We design a mechanism for encrypting user login data and authentication,which can ensure the safety of the user login.(3) We propose a partitioned and symmetric encryption program to encrypt disk data. The program can realize real-time encryption without affecting virtual machinenormal running, and make the encryption process is transparent to the user.(4) We put forward an encryption algorithm dynamic extension program anddesign the interface specification. It makes the encryption algorithm can be replaced andbe loaded as a module. Users can choose different encryption algorithms according totheir requirements.(5) Finally, we implement the above design and build a test platform. We makefunction tests about user login and disk protection, which verify the validity andstability of the system. And we make performance tests about the encryption anddecryption system, which verify the encryption performance reach the user’srequirement.