下载后可任意编辑基于虚拟化的系统安全增强及显卡透传讨论侯建宁 1,董贵山 2,王银 3,申娅 4(1 中国电子科技集团第三十讨论所,四川 成都,610041;2 中国电子科技集团第三十讨论所,四川 成都,610041;3 中国电子科技集团第三十讨论所,四川 成都,610041;4 成都卫士通信息产业股份有限公司,四川 成都,610041)摘要:本文着重于探讨系统虚拟化技术在终端安全领域的应用前景以及在推广应用中所面临的显卡性能问题的解决办法。针对个人终端操作系统安全问题,提出了一种基于系统虚拟化技术的操作系统安全增强模型,并基于 KVM 虚拟机深化讨论了提高该模型下虚拟机显示性能的显卡透传技术的具体实现。实验结果证明显卡透传技术能够突破虚拟机客户操作系统的显示性能瓶颈问题,使得客户机操作系统能够像真实操作系统一样满足图形显示与处理应用,对虚拟技术在终端安全领域的进展拓展了更宽阔的空间。关键词:系统虚拟化技术;系统安全增强;KVM 虚拟机;显卡透传;直接地址映射;PCI 配置空间The Research on Virtualization-Based System Security Enhancements and Graphics Card Pass-ThroughHOU Jian-Ning1,DONG Gui-Shan2,WANG Yin3,SHEN Ya4(1.No.30 Institute of China Electronics Tecnology Group Corporation,Chendu,Sichuan 610041,China;2. No.30 Institute of China Electronics Tecnology Group Corporation,Chendu,Sichuan 610041,China;3.No.30 Institute of China Electronics Tecnology Group Corporation,Chendu,Sichuan 610041,China;4.Westone Information Industry Inc.Chendu,Sichuan 610051,China)下载后可任意编辑Abstract: This paper focuses on the prospect of system virtualization technology which applications in the terminal security field, and investigate the solution of the graphics performance problem when people promote the technology. For security issues of personal terminal operating system, this paper propose a security Enhancements model based on the system virtualization technology on operating system, and in-depth study implementation of graphics Card pass-through technology to improve virtual machine performance bas...