排序方式: 共有72条查询结果,搜索用时 15 毫秒
1.
资源隔离是计算机安全的一个重要手段,良好的安全隔离使得虚拟机技术成为近年来学术界和工业界的热点。在深入分析Linux环境下Xen完全虚拟化技术理论的基础上,设计了一个基于IntelVT技术的虚拟机安全隔离设计方案。该方案通过安全内存管理(SMM)和安全I/O管理(SIOM)两种手段进行保护,完善了Xen宿主机系统与虚拟机系统之间的安全隔离,为Xen虚拟机在实际的安全隔离环境中的应用提供了较高的安全保障。 相似文献
2.
This paper is a continuation of our last paper [1] which describes the theory of Virt-BLP model. Based on Virt-BLP model, this paper implements a mandatory access control (MAC) framework applicable to multi-level security (MLS) in Xen. The Virt-BLP model is the theoretical basis of this MAC framework, and this MAC framework is the implementation of Virt-BLP model. Our last paper focuses on
Virt-BLP model, while this paper concentrates on the design and implementation of MAC framework. For there is no MAC framework applicable to MLS in virtual machine system at present, our MAC framework fills the blank by applying Virt-BLP model to Xen, which is better than current researches to guarantee the security of communication between virtual machines (VMs). The experimental results show that our MAC framework is effective to manage the communication between VMs. 相似文献
3.
Marcelo Pereira da Silva Rafael Rodrigues Obelheiro 《International Journal of Parallel, Emergent and Distributed Systems》2017,32(4):348-367
With the ever increasing dependence on computers and networks, many systems are required to be continuously available in order to fulfil their mission. Virtualization technology enables high availability to be offered in a convenient, cost-effective manner: with the encapsulation provided by virtual machines (VMs), entire systems can be replicated transparently in software, obviating the need for expensive fault-tolerant hardware. Remus is a VM replication mechanism for the Xen hypervisor that provides high availability despite crash failures. Replication is performed by checkpointing the VM at fixed intervals. However, there is an antagonism between processing and communication regarding the optimal checkpoint interval: while longer intervals benefit processor-intensive applications, shorter intervals favour network-intensive applications. Thus, any chosen interval may not always be suitable for the hosted applications, limiting Remus usage in many scenarios. This work introduces Adaptive Remus, a proposal for adaptive checkpointing in Remus that dynamically adjusts the replication frequency according to the characteristics of running applications. Experimental results indicate that our proposal improves performance for applications that require both processing and communication, without harming applications that use only one type of resource. 相似文献
4.
5.
6.
一个基于虚拟机的日志审计和分析系统 总被引:1,自引:0,他引:1
SNARE是Linux操作系统的一个日志审计和分析工具,但它容易受到攻击。提出了一个新的方法被用来保护它免受攻击。运用虚拟机监控器的功能,SNARE被移植到运行在虚拟机监控器Xen上的两个虚拟机中,SNARE的两个主要部分——Linux内核补丁和审计后台进程被分隔而分别放入两个被Xen强隔离的虚拟机。Xen提供了两个虚拟机间共享内存的机制,运用这一机制,运行在一个虚拟机上的Linux内核补丁记录并转移审计日志到运行在另一个虚拟机上的审计后台进程。与传统的SNARE相比,新方法使攻击者毁坏或篡改这些日志更加困难。初步的评估表明这个原型是简单而有效的。 相似文献
7.
Yaozu Dong Xiaowei Yang Jianhui Li Guangdeng Liao Kun Tian Haibing Guan 《Journal of Parallel and Distributed Computing》2012
Virtualization poses new challenges to I/O performance. The single-root I/O virtualization (SR-IOV) standard allows an I/O device to be shared by multiple Virtual Machines (VMs), without losing performance. We propose a generic virtualization architecture for SR-IOV-capable devices, which can be implemented on multiple Virtual Machine Monitors (VMMs). With the support of our architecture, the SR-IOV-capable device driver is highly portable and agnostic of the underlying VMM. Because the Virtual Function (VF) driver with SR-IOV architecture sticks to hardware and poses a challenge to VM migration, we also propose a dynamic network interface switching (DNIS) scheme to address the migration challenge. Based on our first implementation of the network device driver, we deployed several optimizations to reduce virtualization overhead. Then, we conducted comprehensive experiments to evaluate SR-IOV performance. The results show that SR-IOV can achieve a line rate throughput (9.48 Gbps) and scale network up to 60 VMs, at the cost of only 1.76% additional CPU overhead per VM, without sacrificing throughput and migration. 相似文献
8.
DMM:A dynamic memory mapping model for virtual machines 总被引:2,自引:0,他引:2
CHEN HaoGang WANG XiaoLin WANG ZhenLin ZHANG BinBin LUO YingWei & LI XiaoMing 《中国科学:信息科学(英文版)》2010,(6):1097-1108
Memory virtualization is an important part in the design of virtual machine monitors(VMM).In this paper,we proposed dynamic memory mapping(DMM) model,a mechanism that allows the VMM to change the mapping between a virtual machine's physical memory and the underlying hardware resource while the virtual machine is running.By utilizing DMM,the VMM can implement many novel memory management policies,such as Demand Paging,Swapping,Ballooning,Memory Sharing and Copy-On-Write,while preserving compatibility with va... 相似文献
9.
10.
提出了基于云计算的医学图像流媒体服务传输系统,此系统将医疗设备和PACS进行整合,将来自于各个医疗设备的图像用扫描仪扫描为数码图像,并以流媒体的形式实时提交给远程服务器端。在云数据库虚拟化存储平台上,用先进的流媒体技术解决了医疗资源共享和高分辨率图像连续存储问题。实验结果表明, 与传统服务器在LAN(Local Area Network)、TANet(Taiwan Academic Network)和家庭网络中使用FTP传输相比,建立的云计算医学图像流媒体服务传输系统的网络传输率分别提高了45.6%、49.4%和8.1%。 相似文献