关键词: 隐私数据, 虚拟机监控器, 内存隔离, I/O控制

Abstract: How to protect the user’s privacy data within the more and more complicated network environment catches the researchers’ attention. The operating system (OS) is prone to be attacked for its complicated implementation. The attacker can hijack the OS kernel to steal the user’s privacy data by exploiting its vulnerabilities. This paper proposes a system named PriVisor (privacy visor) to protect the user’s private data based on a lightweight VMM (virtual machine monitor) named OSV. By limiting the OS memory access operation, the OS cannot access the user’s data if it is unauthorized, which ensures the completeness of user’s privacy data. At the same time, this paper also builds a secure I/O channel by monitoring the device configuration space, which prevents the compromised OS reconfiguring the device configuration space to steal the user’s data when the user interacts with the computer. This paper verifies its security and reliability theoretically by modeling the memory protection system of PriVisor. The real attack case analysis confirms the effectiveness and security of PriVisor.

Key words: privacy data, virtual machine monitor, memory isolation, I/O control