Virtualization is a resource management technology that abstracts and transforms computing resources such as servers, networks, memory and storage. It breaks down the barriers between physical structures so that users are no longer limited by the form in which resources are provided, by their geographic location, or by the physical state of the underlying entities. It is therefore an important technical foundation for cloud computing services. However, virtualization also allows different users to run processes on the same hardware platform through virtual machines, which poses serious challenges to the security of users' processes. Focusing on the operational security of processes in a virtual machine environment, this paper proposes a hierarchical process isolation management scheme (HPIS) that is combined with the I/O operation mechanism of the Xen environment. First, HPIS defines a set of processes together with their basic environment as a process space: a container for processes and the basic operating-environment elements they depend on. The process entities and the data within a space are divided into confidentiality levels. Second, secure interaction rules are defined for each process according to its confidentiality level. Process entities within a process space are monitored and checked by a process control module, DCM, added to the Hypervisor, in order to prevent leakage of sensitive information and illegal operations. Finally, simulation experiments show that this method is effective at protecting the virtual environment in which processes run and can meet the data confidentiality requirements without introducing noticeable additional overhead. The simulation results demonstrate the feasibility and effectiveness of the model.