Secure Computing Environment Based On Lightweight Virtual Machine Monitor

Posted on: 2021-04-06
Degree: Master
Type: Thesis
Country: China
Candidate: M Zhao
GTID: 2428330620464289
Subject: Engineering

Abstract/Summary:
This thesis implements S-LVMM (Secure Lightweight Virtual Machine Monitor), based on the BitVisor lightweight virtual machine monitor architecture and Intel hardware-assisted virtualization technology. S-LVMM is then used to build a secure computing environment for the operating system and to protect the personal computer. The thesis modifies and extends BitVisor to address its shortcomings. The main contents of this thesis are as follows:

(1) Because BitVisor stores the key in memory, the key is vulnerable to cold boot attacks. This thesis uses a key management method that is resistant to cold boot attacks. First, the SHA-256 algorithm is used to generate a 256-bit key from the password. The first 128 bits of the key are used as the data key, and the last 128 bits are used as the tweak key. Then, the key is stored in the four debug registers of the CPU. Finally, Intel hardware-assisted virtualization technology is used so that the key can only be accessed by S-LVMM.

(2) BitVisor encrypts the storage device by calling the AES encryption function in the OpenSSL library. Memory is also used during the encryption process, so it is also vulnerable to cold boot attacks. This thesis uses a data encryption method that resists cold boot attacks. The AES-NI instruction set is used to implement the AES algorithm and replace BitVisor's encryption method. The tweakable mode XTS is selected as the mode of operation for the AES algorithm. AES-NI implements hardware acceleration of AES by providing instructions such as aesenc, aesenclast, aesdec, and aesdeclast. These instructions are only executed on the processor and do not involve memory, so cold boot attacks can be avoided.

(3) Since BitVisor does not provide memory encryption, this thesis uses the memory encryption patch for BitVisor provided by HyperCrypt to implement it. Only the decrypted pages are kept in the EPT (Extended Page Table); encrypted pages are not inserted into the EPT. At any time, only a small working set of memory pages is decrypted, while the vast majority of pages are encrypted. A sliding window keeps references to these decrypted pages, and the second chance algorithm is used to reduce the extra decrypted pages in the sliding window.

(4) The I/O data intercepted by the parapass-through driver is processed. If the logical block address corresponding to an I/O is within the pre-configured encryption range, it is further determined whether the I/O is a read or a write. If it is a write I/O, the data in the shadow buffer is encrypted and then copied to the storage device. If it is a read I/O, the data in the shadow buffer is decrypted and then copied to the guest buffer.

(5) BitVisor's VPN client module is reused: its implementation principle is analyzed, the parameters used by the VPN client module are configured, strongSwan is used as the VPN server, and the related strongSwan configuration parameters are set. Finally, the VPN connection between S-LVMM and the strongSwan server was tested.
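The sliding window with second chance replacement described in item (3), as an added example that is not code from the thesis, BitVisor or HyperCrypt. It is a simplified model: the `mapped` flag stands in for presence in the EPT, and the window size, page count, all function names and the choice to count only re-accesses as references are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define WINDOW_SIZE 4    /* assumed window size */
#define NUM_PAGES   16   /* constructed guest memory size for the model */

static bool mapped[NUM_PAGES];      /* stands in for "present in the EPT" */
static bool referenced[NUM_PAGES];  /* set when a mapped page is touched again */
static uint32_t window[WINDOW_SIZE];
static size_t used, hand;

void window_reset(void)
{
    memset(mapped, 0, sizeof mapped);
    memset(referenced, 0, sizeof referenced);
    used = hand = 0;
}

bool is_decrypted(uint32_t pfn) { return pfn < NUM_PAGES && mapped[pfn]; }

size_t decrypted_pages(void)
{
    size_t n = 0;
    for (size_t i = 0; i < NUM_PAGES; i++) n += mapped[i];
    return n;
}

/* Guest touches page pfn. Returns true when the access faulted, i.e. the
 * page was encrypted and the monitor had to decrypt and map it. */
bool guest_access(uint32_t pfn)
{
    if (pfn >= NUM_PAGES) return false;          /* outside the model: ignored */
    if (mapped[pfn]) { referenced[pfn] = true; return false; }
    size_t slot = used;
    if (used < WINDOW_SIZE) {
        used++;
    } else {
        /* Second chance: skip (and clear) referenced pages, evict the first
         * unreferenced one. Terminates because each skip clears a bit. */
        while (referenced[window[hand]]) {
            referenced[window[hand]] = false;
            hand = (hand + 1) % WINDOW_SIZE;
        }
        slot = hand;
        mapped[window[slot]] = false;  /* real monitor: encrypt page, drop EPT entry */
        hand = (hand + 1) % WINDOW_SIZE;
    }
    window[slot] = pfn;
    mapped[pfn] = true;                /* real monitor: decrypt page, add EPT entry */
    referenced[pfn] = false;
    return true;
}
```

The number of plaintext pages never exceeds `WINDOW_SIZE`, which is the property that bounds what a memory image can reveal.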
Keywords/Search Tags:virtual machine monitor, hardware-assisted virtualization, secure computing environment, XTS-AES, BitVisor