Improving the CVMM's ability to protect itself, by combining the advances in VM identification and VMM supervision, benefits system security.
Based on the classical descriptions of the existence conditions of covert channels, this paper summarizes the basic requirements for building a storage channel in combination with the properties of CVMM. All of them have been met in the implementation.
2) Because the assumption that the VMM is secure does not hold, a perceiving mechanism from SMD to VMM, based on the distinctive parallel structure of CVMM, is established to ensure the integrity of the VMM's memory.
We have implemented the perception security model shown in Figure 11 on CVMM. The hardware and software environments of the implementation are shown in Table 2 and Table 3.
Finally, we evaluate the overhead of these two mechanisms, and then evaluate the performance of the perception security model when both proposed mechanisms are applied in CVMM simultaneously.
The proposed model is implemented on the CVMM platform, which provides support for hardware-assisted virtualization technology (VT-x, VT-d, etc.).
CVMM converts an ordinary VM into a privileged IOPM by means of hardware partitioning, allowing it to directly control part of the hardware resources.
CVMM makes full use of the characteristics of the multi-processor architecture and hardware virtualization to manage and allocate virtual resources.
The overheads generated by six applications running in the original system and in CVMM, respectively, are compared by evaluating system performance after the security mechanism is introduced.