Journal of University of Science and Technology of China, 2011, Vol. 41, Issue (10): 907-914. DOI: 10.3969/j.issn.0253-2778.2011.10.011

• Original Article •

Research on virtual-machine-based security technology

LAI Yingxu

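  1. College of Computer Science, Beijing University of Technology, Beijing 100124
  • Received: 2011-04-28 Revised: 2011-06-27 Online: 2011-10-31 Published: 2011-10-31
  • Corresponding author: LAI Yingxu
  • About the author: LAI Yingxu (corresponding author), female, born in 1973, PhD/associate professor. Research interests: network security, trusted computing. E-mail: laiyingxu@bjut.edu.cn
  • Supported by:
    National Key Basic Research Development Program of China (973 Program) (2007CB311100), National Natural Science Foundation of China (61001178), Beijing Natural Science Foundation (4102012), General Program of the Science and Technology Development Plan of the Beijing Municipal Education Commission (KM200810005030), Funding Project for Academic Human Resources Development in Institutions of Higher Learning under the Jurisdiction of Beijing Municipality (PHR201108016), and the Youth Science Foundation of Beijing University of Technology.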

Research of security technology based on virtualization

LAI Yingxu   

  1. College of Computer Science, Beijing University of Technology, Beijing 100124, China
  • Received: 2011-04-28 Revised: 2011-06-27 Online: 2011-10-31 Published: 2011-10-31

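Abstract: Because virtual machines offer strong isolation and are transparent to systems and applications, many security technologies are implemented on top of them. This paper proposes a Xen-based security architecture onto which existing security programs can be ported while preserving their functionality, such as file and memory scanning and active defense. Because the number of security-program components residing in the protected virtual machine is greatly reduced, the security program itself is more secure; at the same time, paravirtualized I/O is used to reduce system overhead to a minimum, which makes the architecture practical. The framework can also integrate other virtual-machine-based security technologies without modifying existing operating systems or applications, so it is widely applicable.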

Keywords: virtual machine, isolated execution, memory protection, virtual machine monitoring, paravirtualization

Abstract: A universal architecture based on Xen is presented, onto which traditional security tools are transplanted while their functions, such as memory and file system scanning and active defense, are guaranteed. Since most components of the security tools are moved out of the protected virtual machine, the architecture provides higher security than traditional ones. What's more, it uses paravirtualization I/O technology to minimize the cost of the virtual machines. Finally, this architecture allows current security technologies based on virtual machines to be integrated into it conveniently, with no need to modify the operating system and applications running on it.

Key words: virtual machine, isolated execution, memory protection, VM introspection, paravirtualization