基于HIPS技术的虚拟机文件访问控制研究与实现-计算机应用技术专业论文.docxVIP

式，这种访问控制形式最终以访问控制规则集的形式体现。本文通过采 用 HIPS 技术中最先进的 Runtime patching 技术，编写内核态过滤函数， 以从服务器获得与角色对应的规则集为依据过滤对文件进行操作的行 为；进而针对在 Windows XP 环境下安装 VMware Player 虚拟机的全虚拟 化技术实现了对虚拟机与宿主机之间的文件访问控制。 关键词：HIPS 技术，虚拟机技术，访问控制，Rootkit Research and Implementation of HIPS Technology based File Access Control between Host and Virtual Machine ABSTRACT Virtualization, firstly mentioned by Christopher Strachey in his report: Time sharing in large, fast computers, in the international conference on information processing, in Paris, June, 1959. Since then, Virtualization technology has been made great progress. Now, Virtualization technology is widely applied in the information systems, as it behaves excellently in saving resources and centrally management. Sever virtual machine, one kind of the typical virtualization products, has been widely used in the enterprise information construction. However, the terminal virtual machine product is now rarely used in the high requirement of secure isolation organization. Basically, there are two reasons. On the one hand, these organizations has strict policy of secure isolation, on the other hand, the secure isolation of terminal virtual machine now is not that unassailable. So, strengthen the secure isolation of terminal virtual machine becomes a vital problem. This article focused on this problem and tried to make file access between the virtual machine and the host can be controlled and securely. Based on some research on file access between the virtual machine and the host, access control Matrix, RBAC (Role Based Access Control) and OBAC (Organization Based Access Control), the article designed a model for file access between the virtual machine and the host and proposed some division principles of users and roles. The new model presents as access control rules set. In the article, we applied the most advanced HIPS technology: Runtime patching in the programming of the Kernel filter functions, which is considered to filter process behavior of manipul