关键词: 云平台, 虚拟化安全, 非可信Hypervisor, 保护机制构建

Abstract:

In this big data era, the multi-tenant cloud platform plays an important role. However, as one of the major technologies adopted in the cloud platforms, the virtualization technology is not secure enough. The Hypervisor is a key layer in the virtualization software stack that manages vital tasks between guest virtual machines and the bare metal, such as resource allocation, sharing and isolation. Meanwhile, the Hypervisor suffers from vulnerabilities along with its large attack surface, which makes attacks on the Hypervisor threaten the cloud and applications above. Therefore, constructing protection mechanisms for the untrusted Hypervisor in the cloud is necessary. Survey from the perspective of the protection mechanism's construction: analyze the feasibility and challenges, and do cla-ssifications; present the related work in this field in terms of integrity detection mechanisms, defense mechanisms, and isolation mechanisms; give research trends and provide a valuable reference for future researches on the vir-tualization security and on building a reliable multi-tenant cloud platform.

Key words: cloud platform, virtualization security, untrusted Hypervisor, construction of protection mechanism