Journal of Shanghai Jiao Tong University (Natural Science Edition) ›› 2018, Vol. 52 ›› Issue (10): 1339-1347. doi: 10.16183/j.cnki.jsjtu.2018.10.024


Research on Computer System Isolation

XIA Yubin, CHEN Haibo, GUAN Haibing

  1. School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
  • Corresponding author: GUAN Haibing, male, professor, doctoral supervisor, Tel.: 021-34207082; E-mail: hbguan@sjtu.edu.cn.
  • About the author: XIA Yubin (1982-), male, born in Shanghai, associate professor; main research interest: operating systems.
  • Funding:
    Supported by the National Key Research and Development Program of China (2016YFB1000104) and the National Natural Science Foundation of China (61732010, 61572314)

Abstract: System isolation is a key enabling technology for the overall reliability and scalability of computer systems. Traditional system isolation is based on privilege layering, known as the "layered isolation model": software is divided into layers whose privilege decreases from the bottom up, and the lower, higher-privileged layer is responsible for isolating the less privileged software above it. Recently, as new hardware extensions such as hardware-assisted virtualization, ARM TrustZone, and Intel SGX (Software Guard Extension) keep emerging, a new model, named the "disaggregated isolation model", has become a hot research topic, bringing new opportunities and challenges to traditional system software.

Key words: isolation, operating system, virtualization, hardware security extension
