检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
出 处:《华中科技大学学报(自然科学版)》2014年第11期74-79,共6页Journal of Huazhong University of Science and Technology(Natural Science Edition)
基 金:国家重点基础研究发展计划资助项目(2014CB340600);国家自然科学基金重点资助项目(61332019);国家自然科学基金资助项目(61173138;61272452);湖北省重点新产品新工艺研究开发资助项目(2012BAA03004);企业合作资助项目(YB2012120174;YB2013110084)
摘 要:针对虚拟化环境中用户进程运行安全问题,提出一种适用于虚拟化环境的进程隔离方法.该方法引入安全域作为进程隔离保护的基本单元,安全域是进程以及进程运行过程中依赖的环境构成的整体,通过建立安全域之间的依赖关系和安全域之间信息的交换规则,确保进程初始安全和运行过程中的隔离性.给出了安全域的相关概念和形式化描述,以及安全域之间信息流交换和依赖关系的建立方法和相关证明.以Xen虚拟化系统为基础,给出了该保护方法的具体实现以及实验结果,实验结果分析表明:该方法在虚拟化环境中能够抵御多种攻击手段,额外执行开销不超过10%.To solve the security problems of user process under virtualization environment ,a process isolation solution was proposed for virtualization environment .In our solution ,the security domain serves as the most basic unit w hich is made up of process and its runtime environment .T he informa-tion flow exchange rules and dependencies relationship between securities domains were utilized to en-sure the isolation of different processes .T he concepts and formal description of the security domain , as well as the construct method and proof of information flow exchange rules and dependencies rela-tionship were presented .Finally ,based on Xen hypervisor system ,the realization method of the mod-el and the analysis of the results were given .Experiment showed that our solution can prevent the process from many attack and the overhead is below 10% .
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.188