Dissertation > Excellent graduate degree dissertation topics show

Virtual domain access control system protection mechanisms

Author: YangKai
Tutor: ZouDeQing
School: Huazhong University of Science and Technology
Course: Information Security
Keywords: Hypervisor Virtualization Memory protection Access Control System Tactics
CLC: TP309.2
Type: Master's thesis
Year: 2011
Downloads: 27
Quote: 0
Read: Download Dissertation

Abstract


In the traditional case, the malicious software in the system run levels and mandatory access control systems usually run level is the same, are in the operating system kernel level, so that the malware can enforce access control systems and other security systems attack, destroy the normal operation of the security software or turn off security software policy checks. Because the operating system kernel vulnerabilities are inevitable, so this problem can not be resolved under the traditional architecture. Cloud computing has recently become industry and academia research hotspot, virtualization cloud computing platform as one of the technologies essential for implementation in modern computer systems more widely used, from individual systems to the web server and data centers, from the client to the server, you can see the figure of virtualization. The hypervisor may provide a small and secure trusted computing base, with good barrier properties and high privilege resistance, many researchers use a virtual machine monitor safety features to solve the security problems of traditional architecture. In the virtual domain access control system protection mechanism solutions, access control system can be divided into three parts: the security policy management module, security and policy enforcement server module module. Security Policy Management module and the module is in a safe secure server operating system, the use of hypervisor isolation and secure operating system security to ensure their safety. To speed up the guest operating system and secure operating system security policy decisions between the information exchange, the client operating system to add a policy decision cache module. In order to achieve active defense system performance and reduce overhead, policy enforcement module is placed in the guest operating system. Policy decision cache module and the module's security policy enforcement is to protect the memory protection mechanisms. Virtual domain access control system protection mechanisms prototype system SEVD (Security-Enhanced Virtual Domain, referred SEVD) is the Xen virtualization platform to achieve. Test results show that the system can effectively protect SEVD guest operating system access control system security, be able to withstand the popular Rookit attack; in terms of performance, with SELinux access control systems, the performance overhead is not increased; function, the realization of the virtual centrally configure security policy environment, effectively reducing the complexity of security policy management.

Related Dissertations

  1. The Effective Conversion Tactics of High School Students with Learning Disabilities in Maths,G633.6
  2. Research on Problem of Medical Protection of Migrant Workers,R197.1
  3. Development and Application of Primary and Secondary School Teachers’ Impression Management Tactics Questionnaire,G632.4
  4. Causes and Teaching Countermeasures of the Math Slow-learners in High School,G633.6
  5. The Design and Implementation of Tactical Teaching and Training System for Detachment,TP311.52
  6. School management strategy,G471
  7. Key programs for university teaching reference repository construction applied research,G642.3
  8. Evolution of Volleyball Competition Rules modify the impact of the development of volleyball,G842
  9. Athletics badminton techniques and tactics of the grandson strategy Thought,G847
  10. Aseptic pharmaceutical production enterprises to implement the 2010 version of GMP Strategy,F203
  11. Collaborative research in schools and Children's Palace,G244
  12. City of brand building and communication strategy,G206
  13. The Research on the Tactics Comparison of Chinese Dynasty and Northern Ethnics in Qin and Han Dynasty,K232
  14. The Study of the Redevelopment of Materials in New Curriculum Implementation,G423.07
  15. The Strategies for Elevating Pre-school Children’s Self-Management Capabilities through the Perspective of Ecological Education,G610
  16. A Study on Collaborative Education Strategy in Primary School under Network Environment,G629.2
  17. The Research of Teacher Inquires in Elementary School Language Classroom,G623.2
  18. Under the Background of the New Curriculum of Senior High School Chinese Spoken Communication Teaching Optimization of Effective Strategy Research,G633.3
  19. The Literature Text Close Reading Strategy Research in the Middle School Language Reading Teaching,G633.3
  20. Researching Dialogue Teaching Strategy in "Poetry Anthology",G633.3
  21. The Study of the Strategies of the Active Participation in the Class Teaching of the History in Senior High School,G633.51

CLC: > Industrial Technology > Automation technology,computer technology > Computing technology,computer technology > General issues > Security and confidentiality > Data security
© 2012 www.DissertationTopic.Net  Mobile