针对虚拟化环境自身体系结构和虚拟机之间内存映射的特点,提出一种特权域和普通域间可配置的内存隔离方法,实现对普通域内存信息的安全性隔离,在保证普通域运行过程内存信息可靠性和秘密性的同时,增强普通域内存信息管理的可维护性。%Based on the virtualized environment architecture and memory mapping between virtual machines ,a configu-rable method for preventing the privileged domain from accessing to user domain’s memory is proposed .The method imple-ments the security isolation between domains’ memory ,and this not only guarantees memory reliability and confidentiality during domain process execution ,but also enhances the maintainability of domain’s memory management .
展开▼