Journal of Frontiers of Computer Science and Technology ›› 2016, Vol. 10 ›› Issue (3): 311-325. DOI: 10.3778/j.issn.1673-9418.1507024


XHydra: Xen-Based Virtual Machine Architecture for Enhancing Xen Security

YANG Jie1+, ZHU Zhiqiang2   

  1. Cryptography Engineering Institute, PLA Information Engineering University, Zhengzhou 450001, China
  2. Scientific Research Department, PLA Information Engineering University, Zhengzhou 450001, China
  • Online: 2016-03-01 Published: 2016-03-11

Abstract: This paper presents XHydra, a Xen-based virtual machine (VM) security architecture that addresses two problems of Xen's administrative VM: bloated services and a large aggregate TCB (trusted computing base). Based on the modularity and isolation principles used in micro-kernels, XHydra separates Dom0 into single-purpose mini-service domains, each with least privilege and an isolated runtime environment. An ingenious service monitor called Hydravisor manages the separated mini-service domains, provides bi-directional shielding between DomU and the mini-service domains, and bridges the device channel that carries device communication between DomU and a mini-service domain. Finally, this paper gives a prototype of XHydra based on Xen 4.4, which improves the security of the virtualization platform and shows that XHydra is a feasible architecture. In benchmark tests of the prototype system's disk and network performance, the proposed approach incurs only about 3% performance overhead compared to Xen.

Key words: Xen, security virtual machine, least privilege, service separation, Dom0 virtualization, XHydra