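A Disk File Operation Monitoring System Based on Xen Hardware Virtualization
Published: 2018-07-05 06:35
Topics: virtualization + monitoring; Reference: Xidian University, 2014 master's thesis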
[Abstract]: The security problems of virtualization itself have accompanied the rapid development of virtualization technology. The security of disk data on a virtual machine determines whether the whole virtual system can run normally. In both practice and theory, virtual machines and physical machines differ in ways that cannot be ignored, and some traditional monitoring techniques are difficult to apply and extend to them. Monitoring technology and virtualization technology therefore need to be combined. Against this background, disk file monitoring based on virtualization platforms has attracted attention. This thesis studies the implementation of the Xen hardware virtualization platform, the Linux kernel, and the virtual file system. To address real-time monitoring and fine-grained monitoring, and taking a Unix-like or Linux operating system running on the Xen hardware virtualization platform as its premise, it proposes a new monitoring method and designs a new disk file monitoring system. The system consists of four modules: a monitoring module, an information sending module, a listening module, and a security module. The monitoring module is deployed in DomU; it monitors in real time all operations in DomU that change the contents or attributes of disk files and generates monitoring information. The information sending module and the listening module implement communication between DomU and Dom0. The security module is deployed in Dom0, which has a higher security level, so that it avoids the threat of being attacked itself, and it ensures the runtime security of the information sending module and the monitoring module. The thesis describes the design and concrete implementation of each module in detail, tests the system, and evaluates the results.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP277;TP333
Article ID: 2099313
Article link: https://www.wllwen.com/kejilunwen/jisuanjikexuelunwen/2099313.html