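Security Enhancement Technology for Embedded Linux Systems Based on Xen Isolation
Published: 2018-07-06 18:45
Topic: virtualization technology + embedded systems; Reference: Nanjing University of Science and Technology, 2013 master's thesis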
[Abstract]: As embedded systems are used ever more widely on the Internet, their security has increasingly become a focus of attention, and introducing virtualization to address security problems has become a hot research topic in the embedded field. With the continuous improvement of embedded hardware performance, combining virtualization technology with embedded systems has become feasible. Companies and universities abroad are also actively investing substantial human and financial resources in research on embedded virtualization technology. Embedded virtualization will bring great changes to the embedded field and deserves attention.
Building on a comprehensive review of the theory and technology of virtualization, this thesis proposes a virtualization-based security scheme for embedded systems, and designs and implements an isolation security model based on Xen. The main work of the thesis is as follows:
(1) The threats currently facing embedded systems and the Linux kernel are surveyed in detail, virtualization technologies are introduced and classified by implementation level and by technique, and the advantages of embedded virtualization in solving the security problems above are described.
(2) The architecture and implementation of Xen are surveyed in detail, and the approach to applying Xen on ARM is described.
(3) By comparison with the traditional Xen practice model, an isolation security model based on Xen is proposed, and the functions of each component module of the isolation model are described. The isolation security model is then implemented on this basis.
(4) Comparative attack experiments targeting a buffer overflow vulnerability are carried out against the traditional Xen model and the isolation model, indirectly demonstrating the outstanding advantage of the isolation model in protecting system security.
Finally, the thesis analyzes the shortcomings of existing research and outlines directions for future work.
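[Degree-granting institution]: Nanjing University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2013
[Classification number]: TP368.1; TP316.81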
Article ID: 2103759
Article link: https://www.wllwen.com/kejilunwen/jisuanjikexuelunwen/2103759.html