Abstract: How to protect the user’s privacy data within the more and more complicated network environment catches the researchers’ attention. The operating system (OS) is prone to be attacked for its complicated implementation. The attacker can hijack the OS kernel to steal the user’s privacy data by exploiting its vulnerabilities. This paper proposes a system named PriVisor (privacy visor) to protect the user’s private data based on a lightweight VMM (virtual machine monitor) named OSV. By limiting the OS memory access operation, the OS cannot access the user’s data if it is unauthorized, which ensures the completeness of user’s privacy data. At the same time, this paper also builds a secure I/O channel by monitoring the device configuration space, which prevents the compromised OS reconfiguring the device configuration space to steal the user’s data when the user interacts with the computer. This paper verifies its security and reliability theoretically by modeling the memory protection system of PriVisor. The real attack case analysis confirms the effectiveness and security of PriVisor.

Key words: privacy data, virtual machine monitor, memory isolation, I/O control

摘要： 在目前网络越来越复杂的计算环境中，避免计算机中用户隐私数据的泄漏是研究人员关注的焦点。当前操作系统（operating system，OS）越来越复杂，恶意程序很容易通过其漏洞劫持操作系统，从而获取用户正在运行的应用程序所访问的数据，导致用户隐私数据的泄漏。以安全轻量虚拟机监控器OSV为基础，设计了一个用户隐私保护系统PriVisor（privacy visor）。通过对操作系统内存访问进行限制，使操作系统在未经授权的情况下无法对用户隐私数据进行访问，从而保证了用户隐私数据的完整性。通过对设备配置空间的监控，建立安全I/O通道，保证被污染的操作系统无法通过对硬件设备的重配置，来获取用户与计算机进行交互时的敏感数据。对PriVisor的内存保护系统建立了模型，并对其进行了验证，保证了系统设计在理论上的安全可靠性。通过具体攻击实例的分析，验证了PriVisor可以有效地保护用户隐私不被攻击者窃取。

关键词: 隐私数据, 虚拟机监控器, 内存隔离, I/O控制