软件学报
軟件學報
연건학보
JOURNAL OF SOFTWARE
2014年
10期
2235-2250
,共16页
郑豪%董小社%王恩东%陈宝可%朱正东
鄭豪%董小社%王恩東%陳寶可%硃正東
정호%동소사%왕은동%진보가%주정동
虚拟化%可靠性%驱动隔离
虛擬化%可靠性%驅動隔離
허의화%가고성%구동격리
virtualization%reliability%driver isolation
利用虚拟化技术来整合资源已成为高性能服务器提高资源利用率的重要手段,虚拟化技术的可靠性对于高性能服务器所提供服务的质量至关重要.然而,驱动故障严重影响了虚拟机中操作系统的可靠性,也同样影响到整个服务器的可靠性.为此,提出一种在虚拟机内部通过隔离故障驱动程序来提高虚拟机可靠性的架构,该架构通过监视驱动程序所使用的内存信息来建立驱动可写权限的授权表,并在虚拟机监视器中设置虚拟机内核空间对应影子页表的写保护来捕获虚拟机的写操作,进而结合授权表判断被隔离驱动程序写操作的正确性.目前,该架构能够在无需修改驱动程序的情况下,在虚拟机内部实现对驱动程序的隔离.实验结果表明:该架构可以隔离84.63%的注入故障造成的系统崩溃失效,并且对于驱动性能的影响小于20%,提高了虚拟化环境的可靠性.
利用虛擬化技術來整閤資源已成為高性能服務器提高資源利用率的重要手段,虛擬化技術的可靠性對于高性能服務器所提供服務的質量至關重要.然而,驅動故障嚴重影響瞭虛擬機中操作繫統的可靠性,也同樣影響到整箇服務器的可靠性.為此,提齣一種在虛擬機內部通過隔離故障驅動程序來提高虛擬機可靠性的架構,該架構通過鑑視驅動程序所使用的內存信息來建立驅動可寫權限的授權錶,併在虛擬機鑑視器中設置虛擬機內覈空間對應影子頁錶的寫保護來捕穫虛擬機的寫操作,進而結閤授權錶判斷被隔離驅動程序寫操作的正確性.目前,該架構能夠在無需脩改驅動程序的情況下,在虛擬機內部實現對驅動程序的隔離.實驗結果錶明:該架構可以隔離84.63%的註入故障造成的繫統崩潰失效,併且對于驅動性能的影響小于20%,提高瞭虛擬化環境的可靠性.
이용허의화기술래정합자원이성위고성능복무기제고자원이용솔적중요수단,허의화기술적가고성대우고성능복무기소제공복무적질량지관중요.연이,구동고장엄중영향료허의궤중조작계통적가고성,야동양영향도정개복무기적가고성.위차,제출일충재허의궤내부통과격리고장구동정서래제고허의궤가고성적가구,해가구통과감시구동정서소사용적내존신식래건립구동가사권한적수권표,병재허의궤감시기중설치허의궤내핵공간대응영자혈표적사보호래포획허의궤적사조작,진이결합수권표판단피격리구동정서사조작적정학성.목전,해가구능구재무수수개구동정서적정황하,재허의궤내부실현대구동정서적격리.실험결과표명:해가구가이격리84.63%적주입고장조성적계통붕궤실효,병차대우구동성능적영향소우20%,제고료허의화배경적가고성.
Using virtualization technology to integrate resources has become an important mean to improve the resource utilization of current high-performance servers. Thus the reliability of virtualization technology is very crucial to the service quality of high- performance server. However, the driver fault greatly impacts not only the reliability of operating system inside the virtual machine but also the reliability of the servers. In light of issue, this paper presents a driver isolation architecture inside the virtual machine to improve its reliability. It establishes the authorization table by monitoring the memory information which are used by the driver, captures the driver’s write operations by setting the write protection of the shadow page table corresponding to the kernel space of the virtual machine, and judges the correctness of write operations of the isolated driver with the authorization table. Currently, the architecture can isolate drivers inside the virtual machine without modifying them. Experimental results show that the architecture can isolate 84.63% injection faults which cause system crashes with the performance loss less than 20%, and therefore effectively improves the reliability of the virtualization environment.
