TY - JOUR
T1 - Survey of Protection Mechanisms for the Untrusted Hypervisor in Cloud Platforms
AU - Gu, Jianan
AU - Zheng, Beilei
AU - Weng, Chuliang
N1 - Publisher Copyright:
© 2020 Journal of Computer Engineering and Applications Beijing Co., Ltd.; Science Press. All rights reserved.
PY - 2020/2
Y1 - 2020/2
N2 - In this big data era, the multi-tenant cloud platform plays an important role. However, as one of the major technologies adopted in cloud platforms, virtualization technology is not secure enough. The Hypervisor is a key layer in the virtualization software stack that manages vital tasks between guest virtual machines and the bare metal, such as resource allocation, sharing and isolation. Meanwhile, the Hypervisor suffers from vulnerabilities along with its large attack surface, so attacks on the Hypervisor threaten the cloud and the applications above it. Therefore, constructing protection mechanisms for the untrusted Hypervisor in the cloud is necessary. This survey takes the perspective of the protection mechanism's construction: it analyzes the feasibility and challenges and classifies the mechanisms; presents the related work in this field in terms of integrity detection mechanisms, defense mechanisms, and isolation mechanisms; and gives research trends, providing a valuable reference for future research on virtualization security and on building a reliable multi-tenant cloud platform.
AB - In this big data era, the multi-tenant cloud platform plays an important role. However, as one of the major technologies adopted in cloud platforms, virtualization technology is not secure enough. The Hypervisor is a key layer in the virtualization software stack that manages vital tasks between guest virtual machines and the bare metal, such as resource allocation, sharing and isolation. Meanwhile, the Hypervisor suffers from vulnerabilities along with its large attack surface, so attacks on the Hypervisor threaten the cloud and the applications above it. Therefore, constructing protection mechanisms for the untrusted Hypervisor in the cloud is necessary. This survey takes the perspective of the protection mechanism's construction: it analyzes the feasibility and challenges and classifies the mechanisms; presents the related work in this field in terms of integrity detection mechanisms, defense mechanisms, and isolation mechanisms; and gives research trends, providing a valuable reference for future research on virtualization security and on building a reliable multi-tenant cloud platform.
KW - cloud platform
KW - construction of protection mechanism
KW - untrusted Hypervisor
KW - virtualization security
UR - https://www.scopus.com/pages/publications/85186467356
U2 - 10.3778/j.issn.1673-9418.1909071
DO - 10.3778/j.issn.1673-9418.1909071
M3 - Article
AN - SCOPUS:85186467356
SN - 1673-9418
VL - 14
SP - 200
EP - 214
JO - Journal of Frontiers of Computer Science and Technology
JF - Journal of Frontiers of Computer Science and Technology
IS - 2
ER -