
The Design And Implementation Of A Secure Channel Of The Sensitive Process In Xen Guest Virtual Machine

Posted on: 2016-04-12
Degree: Master
Type: Thesis
Country: China
Candidate: L Chen
GTID: 2308330461992247
Subject: Information security

Abstract/Summary:
With the recent vigorous development of computer technology, cloud computing has become one of the hot topics in the field of information technology. Virtualization technology is an important branch of cloud computing. Xen is open source system software that has been widely used for virtualized environments, and it has good prospects. However, in Xen's split device driver model, data is transferred between the guest VM (Domain U) and the host (Domain 0) via the frontend and backend device drivers. Secure data transmission depends mainly on the grant table, the access control mechanism of Xen. Because the frontend driver puts plaintext into the memory designated by the grant table, once the grant table has been compromised, an attacker can take the chance to obtain the user's sensitive data in shared memory. If that shared memory holds the user's sensitive data, the security of the user's data is seriously affected. To protect the user data of a guest virtual machine in such a case, this paper carries out the following tasks:

First, I analyze Xen-based security technology research at home and abroad, and summarize the research methods and research content on virtual machine security that previous researchers have used.

Secondly, in order to eliminate the security risks users may face when transferring data, I propose the concept of a "Secure Channel". It reprocesses the user's communication data in order to ensure the safety of their information. I also design a user interface for the secure channel for the users' convenience. Users can determine the direction of data transmission through the "custom switch" of the secure channel. When the user wants to send sensitive data, he simply turns on the secure channel switch, and the transmitted data then goes through the secure channel. When the user finds that his data does not need to take the secure channel, he can turn off the secure channel switch, and the data then goes through the general channel. This controllability lets the user make reasonable use of the computer's performance.

Then, I implement the secure channel. With the secure channel in place, disclosure of sensitive user data can be prevented even if the grant table in Xen has been tampered with. Sensitive data is encrypted before it is sent from Domain U to the backend, so even if the attacker finds the target data through the user's grant table, he does not achieve his goal. When the ciphertext is sent to the backend driver, the backend driver in Domain 0 decrypts it; at this point, the ciphertext becomes plaintext again. The secure channel does not affect the users too much. In the secure channel, I also introduce the concept of trusted computing, which handles the key management. After the user data has been recovered, the restored data passes through the native device driver and the network card and is sent to the destination computer outside the virtual machine.

Finally, after completing the secure channel model, we need to test it. We demonstrate the feasibility of the secure channel through testing of the prototype system; it improves the safety factor when the client is communicating with others.

Keywords/Search Tags:Virtual Machine Security, Frontend and Backend Device Driver, Xen, Data Confidentiality