Research And Implementation Of A Microkernel-based Virtualization Technology For Mobile Devices

With the development of embedded software technology, smart mobile devices are becoming increasingly popular. Constantly expanding functions and rich software support of the technology makes our daily life more and more convenient. And now many smart mobile devices meet the need of office, greatly reduce the cost of office as well as improve work efficiency. But widespread use of smart mobile decices also brings a series of problems and challenges on security.Personal mobile devices being used for work may cause damage to the enterprise security environment. If the mobile device access to the public network, the data communications may be monitored and the information may be leaked. If devices with malicious applications access the enterprise network, enterprise security environment may be polluted. All of these bring great losses to enterprises. Therefore, need a technology to build a secure environment on the mobile devices. This security environment would have a strong isolation, so that the data and information will not be obtained by malicious applications.In order to solve above problems, this thesis uses virtualization and microkernel technology, takes isolation and performance as the basic requirements, to construct a microkernel system, which can run multiple independent Android environments upon a single hardware platform. The main contents are as follows:(1) For isolation, this thesis implements a tree structure system which uses components as nodes. Each component has its own separate address space. And the thesis implements a method which uses memory management unit(MMU) to isolate components from the hardware. So that components can not accesse each other directly.(2) In order to reduce the degree of coupling between components, this thesis implements a C/S communication method between the components, which is managed by the microkernel. Adopt a mechanism which forces users to explicitly configure the service. So that communication between components becomes controllable and security. And implements a session-based approach to get service. Abstract the service interfaces of the system to unified session interfaces. Client components use session interfaces to interact with the service component, which makes development more flexible.(3) To improve the micro-kernel performance, on the base of multicore hardwarecharacteristics, the thesis implements the support of multi-core processors, so thatcomponents can run in parallel on multi-core processors.(4) The isolation and the performance of multi-core optimized has been tested on Pandaboard. Tests show that the system meets the requirements of isolation; compared to no optimization, optimized system indeed improves the parallel computing capabilities of the system.Currently, the research area of mobile terminal virtualization still has many challenges. The method of this thesis studied and implemented provides virtualization technology practice and verification, to which apply mobile terminal security.