A Security Isolation Model of Virtual Environment Based on SR-IOV Technology

doi:10.3969/j.issn.1671-1122.2016.09.017

Abstract

Abstract:

The development of virtualization technology brings about the change of computing model, but it also brings many security problems. This paper researches virtual environment safety problems, currently the mainstream security protection mode, and I/O hardware virtualization technology (SR-IOV). And then it proposes a virtual environment safety isolation model based on SR-IOV technology for the problems of the virtual computing environment safety isolation. The model devise virtual domain into different safety level according to user needs. High level domain owns dedicated physical network card and encryption card, and lower still uses traditional software simulation method implementing I/O device. SR-IOV uses the direct device technology to realize the communication of virtual domains and the physical equipment. The equipment of direct connected technology has good isolation effect, so it can achieve network data isolation and data encryption isolation according to the level of security. The experimental analysis shows that the model can improve the security isolation characteristics of virtual computing environment, and enhance the security of virtual environment. Not only it has the feasibility, but also has a good performance and efficiency.

Key words: virtual environment, SR-IOV, security isolation

CLC Number:

TP309

Mingda LIU, Longyu MA. A Security Isolation Model of Virtual Environment Based on SR-IOV Technology[J]. Netinfo Security, 2016, 16(9): 84-89.

Figures/Tables 8

References 15

[1]	冯登国,张敏,张妍,等. 云计算安全研究[J]. 软件学报,2011,22(1):71-83.
[2]	程戈. 基于虚拟机架构的可信计算环境构建机制研究[D]. 武汉:华中科技大学,2010.
[3]	慈林林. 可信网络连接与可信云计算[M]. 北京:科学出版社,2016.
[4]	廖子渊,陈明志,邓辉. 基于评价可信度的云计算信任管理模型研究[J]. 信息网络安全,2016(2):33-39.
[5]	王丽娜,高汉军,余荣威,等. 基于信任扩展的可信虚拟执行环境构建方法研究[J]. 通信学报,2011,32(9):1-8.
[6]	马威,韩臻,成阳. 可信云计算中的多级管理机制研究[J]. 信息网络安全,2015(7):20-25.
[7]	林闯等. 云计算安全:架构、机制与模型评价[J]. 计算机学报,2013,36(9):1765-1784.
[8]	郭乐深,张乃靖,尚晋刚. 云计算环境安全框架[J]. 信息网络安全,2009(7):62-64.
[9]	WAILLY A, LACOSTE M, DEBER H.Towards Multi-layer Autonomic Isolation of Cloud Computing and Networking Resources[C]//IEEE. 2011 Conference on Network and Information System Security (SAR-SSI), May 18-21, 2011, La Rochelle, France. New Jersey: IEEE, 2011: 1-9.
[10]	向林波,刘川意. 针对内部威胁的可控云计算关键技术研究与实现[J]. 信息网络安全,2016(3):53-58.
[11]	PCI SIG: PCI-SIG Single Root I/O Virtualization. [EB/OL]. , 2016-7-11.
[12]	黄智强. 基于SR-IOV的高性能I/O虚拟化研究与优化[D]. 上海:上海交通大学,2013.
[13]	郝旭东. Intel VT-d技术的研究及其在KVM虚拟机上的实现[D]. 成都:电子科技大学,2009.
[14]	李超. SR-IOV虚拟化技术的研究与优化[D]. 长沙:国防科技大学,2010.
[15]	三未信安公司云加密卡[EB/OL]. ,2016-7-12.