基于代理的设备虚拟化技术及其应用  

作　　者：杨霞[1] 刘维飞 郭文生[1] 廖士钞 孙海泳 YANG Xia;LIU Wei-fei;GUO Wen-sheng;LIAO Shi-chao;SUN Hai-yong(School of Information and Software Engineering, University of Electronic Science and Technology of China Chengdu 610054)

机构地区：[1]电子科技大学信息与软件工程学院,成都610054

出　　处：《电子科技大学学报》2017年第6期883-889,共7页Journal of University of Electronic Science and Technology of China

基　　金：中央高校基金(A03017023701169;ZYGX2015J066)

摘　　要：随着智能手机逐步成为人们工作和生活不可或缺的随身设备,其安全性和用户隐私问题也越来越突出。为解决该问题,提出一种基于Linux容器技术的方法,在同一台手机设备上建立多个虚拟手机系统,使多个相互隔离的Android系统同时运行。为了使多个子系统共享同一台设备资源,提出了基于代理的设备虚拟化技术,并以手机的Radio设备为例实现了该技术。然后,在一个实现了的原型系统上的测试结果表明每个虚拟手机系统均可正常使用所有物理设备,说明该方法可有效地实现设备的虚拟化。最后,通过对多系统的数据隔离、系统资源开销的测试验证了该方法的可行性。由于各虚拟手机系统之间相互隔离、互不影响,因而很好地保护了用户数据的隐私。此外,即使某一个Android子系统出现运行故障或者被恶意攻击,其他子系统照样可以正常运行,从而提高了整个系统的安全性。同时,各子系统的应用和功能可以根据不同的应用场景和需求特别定制,可满足用户的个性化需求。As the mobile phone plays a more important role in our life,the problem about security and privacy of smart phone become more prominent.To solve this problem,this paper presents an approach to implement more virtual phone(VP),which is based on Linux container technology,running two or more Android systems in a single smart phone device.In order to allow each VP uses devices concurrently,we present a virtualization technology based on device proxy,and realize it on radio device.A prototype system is implemented on Nubia Z7max smartphone and the functionality of virtualization,data isolation etc.are tested.The experiment results show that our approach is useful and feasible.Each VP can simultaneously shares devices,user’s data about devices and applications are isolated between isolated Android systems,and the system cost is kept in allowable range.Due to the VPs are isolated each other,there are three benefits:this approach can protect the user’s privacy effectively,even one VP is corrupted the whole system can still work,and it also can satisfy user’s personalized demand because the VP’s functions can be customized by application scenarios and user’s requirements.

关 键 词：ANDROID操作系统 设备虚拟化技术 Linux容器 智能手机 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]