WO2007022686A1 - System and method for isolating operating system - Google Patents

Info

Publication number
WO2007022686A1
Authority
WO
WIPO (PCT)
Prior art keywords
operating system
module
disk
parent
isolation
Prior art date
Legal status
Ceased
Application number
PCT/CN2006/001928
Other languages
French (fr)
Chinese (zh)
Inventor
Xingming Zhang
Jinqian Liang
Current Assignee
STAR SOFTCOMM(CHINA) Ltd
Original Assignee
STAR SOFTCOMM(CHINA) Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
    • G06F 21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine

Definitions

  • The present invention relates to a system and method for implementing operating system isolation, and more particularly to a system and method for completely isolating storage space in an operating system; it belongs to the field of computer operating systems and computer security.
Background technique
  • The computer operating system is the most important system in a computer: it manages the computer hardware devices and provides an operating environment for application software. Therefore, the reliability and security of the operating system are very important.
  • The object of the present invention is to form one or more isolated operating system environments by intercepting disk read/write operations and mapping the read/write operations to the disk into one or more non-overlapping disk spaces.
  • The present invention provides a system for implementing operating system isolation, including: a parent operating system module, which includes an operating system kernel, i.e. a software program providing the basic functions necessary for the operating system; the parent operating system module reads from and accesses its exclusive disk space and the disk blank space;
  • at least one sub-operating system module, which includes any modification information made by the user to the parent operating system module and interacts with the parent operating system module to perform read access to the exclusive disk space of the parent operating system module;
  • the guest operating system module has read/write access to its own exclusive disk space and the disk blank space;
  • a system isolation module, which interacts with the parent operating system module and is configured to guide and/or establish a child operating system module according to a user instruction, and to specify and/or modify the exclusive disk space and disk blank space of the parent/child operating system module; the system isolation module further interacts with the parent/child operating system module to monitor its read/write access to the disk; and an external access control module, which interacts with the system isolation module to record the exclusive disk space of the parent/child operating system module.
  • The present invention also provides a method for implementing operating system isolation, including the following steps:
  • Step 1. The system isolation module monitors the read/write access of the current sub-operating system module to the disk.
  • Step 2. If it is a read access, the system isolation module returns, according to the record of the external access control module, the data in the exclusive disk space of the parent operating system module and/or the current sub-operating system module;
  • Step 3. If it is a write access, the system isolation module writes to the exclusive disk space or the disk blank space of the current guest operating system module according to the record of the external access control module, and modifies the record of the external access control module.
  • the present invention has the following advantages:
  • the system and method for implementing operating system isolation according to the present invention can create different, mutually isolated sub-operating system modules based on a single operating system without occupying more disk space, and the user can flexibly select and use them;
  • the system and method for realizing operating system isolation according to the present invention can selectively install application software according to the purpose of each sub-operating system module, reducing the number of applications in each operating environment, reducing system redundancy, and increasing system security and reliability;
  • FIG. 1 is a structural diagram of an embodiment of a system for implementing operating system isolation according to the present invention
  • FIG. 2 is a schematic diagram of an embodiment of an external storage access control module of the system provided by the present invention
  • FIG. 4 is a schematic diagram of a system for monitoring and intercepting disk I/O access by an isolation module of the system provided by the present invention
  • FIG. 5 is a schematic diagram of a system based on a virtual machine computer architecture of the system provided by the present invention
  • FIG. 6 is a schematic diagram of a system according to still another embodiment of a virtual machine computer architecture provided by the system of the present invention
  • FIG. 7 is a schematic diagram of a disk space distribution of a system provided by the present invention.
  • FIG. 8 is a flow chart of an embodiment of a method for implementing operating system isolation according to the present invention.
Detailed description
  • The system includes the parent operating system module 1, the child operating system module 21, the child operating system module 22, the system isolation module 3, and the external memory access control module 4.
  • The parent operating system module 1 may include only one operating system kernel performing the most basic functions; the operating system kernel is a software program providing the basic functions necessary for the operating system, and may be the kernel of Linux, Unix or Windows.
  • The parent operating system module 1 may also include software programs other than the operating system kernel, i.e. applications alongside the kernel, to provide the basic functions necessary for the operating system and user-preset functions. For example, if the administrator wants Office software in all operating environments, the Office software can be installed in the parent operating system module 1.
  • the guest operating system modules may be one or more, including any modification information made to the parent operating system module 1.
  • Two sub-operating system modules are described as an example.
  • The sub-operating system module 21 installs the Office software, the translation software and other computing software on the basis of the parent operating system module 1 and shields IE; the sub-operating system module 21 together with the parent operating system module 1 constitutes a complete office operating system environment, which can perform word processing and data calculation but cannot access the Internet. The sub-operating system module 22 installs game software and multimedia player software on the basis of the parent operating system module 1; together with the parent operating system module 1 it constitutes a complete entertainment operating system environment, which can play games, watch video files and access the Internet.
  • the number of guest operating system modules is unlimited if the computer's disk space allows.
  • the sub-operating system modules 21 and 22 respectively interact with the parent operating system module 1 to perform read access to the data in the exclusive disk space of the parent operating system module 1.
  • the guest operating system modules 21 and 22 each have their own exclusive disk space, which allows read/write access to their exclusive disk space and disk blank space.
  • the system isolation module 3 monitors the read/write access of the parent operating system module 1 and the child operating system module 21 or 22 to the disk, and intercepts all write access to the exclusive disk space of the parent operating system module 1.
  • FIG. 2 is a schematic diagram of an embodiment of the external access control module 4 in a system for implementing operating system isolation provided by the present invention.
  • the external access control module 4 is located in the disk space of the hard disk storage and is composed of a plurality of files.
  • The external access control module 4 includes: the disk bitmap file 41 of the parent operating system module 1, the disk bitmap file 4211 of the guest operating system module 21, the disk bitmap file 4221 of the guest operating system module 22, the index file 4212 of the guest operating system module 21, and the index file 4222 of the guest operating system module 22.
  • Embodiments of the present invention that implement operating system isolation based on a conventional computer architecture: as shown in FIG. 3, the architecture of the present invention is based on a conventional computer architecture. Under the traditional computer architecture, the computer system can only run one operating system at a time.
  • The structure is: the lowest level is the computer hardware, including CPU, hard disk, memory, graphics card, I/O interface, and so on.
  • The system isolation module 3 can be set in the BIOS (the basic input/output module of the computer) or in the extensible firmware interface (EFI); it can be set in the firmware of the hard disk controller; or it can be set in the kernel of the parent operating system module 1 or outside the kernel.
  • the system isolation module 3 is disposed in the kernel of the parent operating system module 1.
  • Before the parent operating system module 1 is specified, the user first needs to install an operating system in the computer.
  • The Windows operating system is taken as an example. The user can then perform the necessary configuration of the operating system as needed, such as installing and configuring hardware drivers, configuring network addresses, adjusting the Windows desktop resolution, and so on.
  • Software required in every sub-operating system module, such as virus protection software and a personal firewall, can be installed at this stage as needed.
  • the user sets the system isolation module 3 as a driver of the operating system in the operating system kernel. After completing the above preparation work, the user can designate the above operating system as the parent operating system module 1 through the system isolation module 3.
  • The system isolation module 3 simultaneously creates a parent operating system disk bitmap file 41 for the parent operating system module 1 in the external memory access control module 4. Thereafter, the system isolation module 3 monitors and intercepts all read/write accesses to the disk, and does not allow any program or system to overwrite the programs and data in the parent operating system module 1.
  • The parent operating system disk bitmap file 41 of the parent operating system module 1 records the disk storage block status of the parent operating system module 1, identifying the exclusive disk space of the parent operating system module 1 on the disk. For example, if a block unit on the disk (for example, a sector) holds valid data of the parent operating system module 1, the corresponding flag in the parent operating system disk bitmap file 41 is 1; otherwise it is marked 0.
  • the child operating system modules 21 and 22 can be created by interacting with the parent operating system module 1 through the system isolation module 3 as needed.
  • The guest operating system module 21 installs the Office software, the translation software and other computing software on the basis of the parent operating system module 1 and at the same time shields IE;
  • the child operating system module 21 together with the parent operating system module 1 forms a complete office operating system environment, which can perform word processing and data calculation but cannot access the Internet;
  • the sub-operating system module 22 installs game software and multimedia playback software on the basis of the parent operating system module 1, and together with the parent operating system module 1 forms a complete entertainment operating system environment that can play games, watch video files and access the Internet.
  • The system isolation module 3 simultaneously creates sub-operating system bitmap files 4211 and 4221 for the sub-operating system modules 21 and 22, respectively, in the external storage access control module 4, and at the same time creates the guest operating system index files 4212 and 4222 for the sub-operating system modules 21 and 22, respectively.
  • The sub-operating system disk bitmap files 4211 and 4221 record the disk storage block status of the sub-operating system modules 21 and 22, identifying the exclusive disk space of the sub-operating system modules 21 and 22 on the disk. For example, if a block unit on the disk (such as a sector) holds valid data of the sub-operating system module 21, the corresponding flag in the sub-operating system disk bitmap file 4211 is 1; otherwise it is 0.
  • The sub-operating system index files 4212 and 4222 identify all the call addresses of the data dumped by the system isolation module 3, the storage addresses after the dump, and the correspondence between the two. For example, when the operator rewrites the file ABC of the parent operating system module 1, whose source address is A0, in the office environment, the system isolation module 3 intercepts the operation and writes the rewritten data of file ABC to a location with address A1 in the exclusive disk space or the blank disk space of the sub-operating system module 21. The system isolation module 3 records in the index file 4212 the target storage address A1 at which the rewritten data of file ABC was actually written, together with the source address A0. The target storage address A1 is referred to as the index address of the source address A0.
  • When file ABC is subsequently read in that environment, the system isolation module 3 checks the index file 4212, reads the data at address A1, and does not read the data at A0. After the creation of the sub-operating system modules 21 and 22 is completed, the user can choose to launch any of the sub-operating system modules according to his or her needs when the computer is started. The startup sequence differs depending on where the system isolation module 3 is located:
  • When the system isolation module 3 is set in the BIOS or EFI, the startup sequence is as follows: the system isolation module 3 starts together with the computer hardware and guides the user to select which operating system environment to enter; for example, the operator chooses the entertainment environment. The system isolation module 3 then boots the parent operating system module 1 and, after the parent operating system module 1 has booted, loads the child operating system module 22, thereby forming a complete entertainment operating system environment for the user.
  • When the system isolation module 3 is set in the firmware program of the hard disk controller, it is started before the parent operating system module 1, and the startup sequence is the same as when the system isolation module 3 is set in the BIOS or EFI.
  • By setting the system isolation module 3 in the firmware program of the hard disk controller, the user obtains it together with the hard disk controller, avoiding manual installation and simplifying use.
  • When the system isolation module 3 is set in the kernel of the parent operating system module 1 or outside the kernel, it is started together with the parent operating system module 1, and the startup sequence is: the computer hardware starts; the parent operating system module 1 and the system isolation module 3 start at the same time; the user is prompted to select an operating system environment. For example, if the operator selects the office environment, the system isolation module 3 boots and loads the sub-operating system module 21 to form a complete office operating system environment.
  • the parent operating system module 1 and the system isolation module 3 are respectively loaded and run according to the above different situations.
  • Since the system isolation module 3 is disposed in the kernel of the parent operating system module 1, the parent operating system module 1 starts at the same time as the system isolation module 3.
  • the system isolation module 3 also loads the specified sub-operating system module 21 or 22 according to the user's selection. After that, the user can perform operations such as installing software, modifying configuration, editing files, etc. in the currently loaded parent operating system module 1 and child operating system module 21 or 22.
  • The system isolation module 3 directly monitors read and write access to the disk. Whenever a disk read/write access occurs, it is intercepted by the system isolation module 3 and processed according to the situation in order to implement operating system isolation.
  • The external access control module 4 provides the disk bitmap files and the index files, and the system isolation module 3 monitors the disk read/write access of the parent/child operating system modules.
  • The flow is shown in FIG. 4. If the access is found to be a disk read, the system isolation module 3 first obtains the target address A0 of the read from the caller of the read access, and then uses the target address A0 to query the index file of the currently running sub-operating system module.
  • If the system isolation module 3 finds that it is a disk write, it first obtains the target address B0 of the write from the caller of the write access, and then uses the target address B0 to query the child operating system index file 4212 or 4222 of the currently running guest operating system module 21 or 22. If a corresponding index address B1 exists at position B0 in the guest operating system index file 4212 or 4222, the system isolation module 3 writes the data to position B1 and ends the write access. Otherwise, the system isolation module writes the data to the disk blank space, the write address being the index address B2; at the same time, the system isolation module records the index address B2 at the position indicated by B0 in the guest operating system index file 4212 or 4222 of the guest operating system module 21 or 22, and marks the location indicated by B2 in the guest operating system disk bitmap file 4211 or 4221 of the currently running guest operating system module 21 or 22 as 1, indicating that the data at this location belongs to the guest operating system module 21 or 22; after that, the system isolation module 3 ends the write access.
  • the interaction between the system isolation module 3 and the external access control module ensures that the user does not see the data in the exclusive disk space of other sub-operating system modules on the disk.
  • the user selects to boot into the sub-operating system module 21, and the system isolation module 3 only calls the parent operating system disk bitmap file 41, the sub-operating system disk bitmap file 4211, and the sub-operating system index file 4212 from the external storage access control module.
  • The parent operating system module 1 can only see and read the contents of its own exclusive disk space.
  • The guest operating system module 21 can only see the exclusive disk space of the parent operating system module 1.
  • It is also impossible for the sub-operating system module 21 to write data into the exclusive disk space of the parent operating system module 1 or the exclusive disk space of the other guest operating system modules. Therefore, by adopting the above principle, it is ensured that the parent operating system module 1 cannot be changed and that each sub-operating system module is isolated from the others, so that isolation of the operating system is realized.
  • The exclusive disk space of the guest operating system module 21 or 22 can be changed.
  • When the sub-operating system module 21 writes into blank disk space, the system isolation module 3 marks the corresponding location in the sub-operating system disk bitmap file 4211, and that blank disk space becomes exclusive disk space of the guest operating system module 21.
  • Likewise, the system isolation module 3 marks the corresponding location in the guest operating system disk bitmap file 4221, and the blank disk space becomes exclusive disk space of the sub-operating system module 22.
  • FIG. 5 is a schematic diagram of implementing operating system isolation in a virtual machine architecture, for a system that implements operating system isolation according to the present invention.
  • The virtual memory management module (Virtual Memory Manager, called VMM) is the core part of virtual machine technology: it runs beneath all other operating systems, which run on top of it, and it allocates and coordinates system resources.
  • VMware's VMware software, Microsoft's Virtual PC software, and XenSource's Xen software are all software that supports virtual machine technology.
  • Two or more operating systems can be run simultaneously in the same computer system. In this embodiment, only one parent operating system module 1 is taken as an example, wherein the parent operating system module 1 is guided by the system isolation module 3 to establish two guest operating system modules 21 and 22.
  • the system isolation module 3 is located in the VMM and is started simultaneously with the VMM.
  • The startup sequence is: the computer hardware starts; the VMM and the system isolation module 3 start; the parent operating system module 1 starts; one or more of the child operating system modules 21 and 22 start according to the user's selection.
  • the System Isolation Module 3 is located in the VMM and is capable of monitoring and/or intercepting read/write access to the disk by all parent/child operating system modules and interacting with the external access control module to isolate the operating system.
  • FIG. 6 is a schematic diagram of yet another embodiment of operating system isolation under a virtual machine architecture.
  • The virtual machine system has a management operating system module or service operating system module 5 (referred to as the secondary operating system module), which runs at the same time as or before the parent operating system module 1 (also referred to as the primary operating system module), monitors the state of the parent operating system module 1, and provides a disk access interface for the parent/child operating system modules.
  • The system isolation module 3 is set in the kernel of the secondary operating system module or outside the kernel, and the startup sequence is: the computer hardware starts; the VMM starts; the secondary operating system module 5 and the system isolation module 3 start; the parent operating system module 1 starts; one or more of the child operating system modules 21 and 22 start according to the user's selection.
  • There may be more than one parent operating system module 1.
  • For example, the Windows kernel and the Linux kernel may be installed simultaneously in one computer system, and both constitute the parent operating system module 1. Under a non-virtual-machine computer architecture only one parent operating system module runs at a time, that is, either Windows or Linux runs; under a virtual-machine computer architecture at least one parent operating system module runs, that is, the Windows kernel and the Linux kernel can run simultaneously.
  • Likewise, under a non-virtual-machine computer architecture only one sub-operating system module runs at a time, that is, either the sub-operating system module 21 or the sub-operating system module 22 runs; under a virtual-machine computer architecture at least one sub-operating system module runs, that is, the sub-operating system modules 21 and 22 can be operated simultaneously.
  • In that case the system isolation module 3 specifies the exclusive disk space of each parent operating system module and records it in the external access control module 4.
  • A disk sharing area can be set on the disk, and the user can specify through the system isolation module whether a child operating system module can access the disk sharing area; for example, one specified guest operating system module can access the disk sharing area while another specified guest operating system module cannot.
  • In some cases, the disk sharing area enables users to exchange data between two or more guest operating system modules.
  • The system for implementing operating system isolation may also include a second-generation sub-operating system module, which is established by the system isolation module based on a first-generation sub-operating system module; for example, based on the sub-operating system module of the entertainment environment, the user can establish a second-generation sub-operating system module, and the second-generation sub-operating system module, the first-generation sub-operating system module and the parent operating system module together form a complete operating system specific to a certain gaming environment. No other games will be seen in one of these game environments.
  • a home user can create a sub-operating system module for each family member based on a parent operating system module in a computer to form a respective operating environment; when a family member works in his or her operating environment, it does not affect the other.
  • The present invention also provides a method for implementing operating system isolation. After the installation of the parent operating system module is completed, the system isolation module is installed; the system isolation module establishes a disk bitmap file and an index file in preparation for monitoring disk reads/writes.
  • FIG. 8 is a flowchart of an embodiment of the method provided by the present invention, as follows:
  • Step 11. The system isolation module creates a disk bitmap file for the parent operating system module in the external storage access control module and identifies the exclusive disk space of the parent operating system module; this disk bitmap file cannot be changed;
  • Step 12. The system isolation module boots and establishes one or more sub-operating system modules, and creates a disk bitmap file and an index file for each sub-operating system module in the external storage access control module; the disk bitmap file identifies the exclusive disk space of the sub-operating system module, and the index file identifies all the call addresses of the data dumped by the system isolation module, the storage addresses after the dump, and the correspondence between the two; initially, the disk bitmap file and the index file are empty;
  • Step 13. The system isolation module identifies the disk blank space according to the disk bitmap files, where the disk blank space is the disk space other than the exclusive disk space identified in the disk bitmap file of the parent operating system module and in the disk bitmap files of the guest operating system modules;
  • Step 14. The system isolation module monitors disk reads/writes, i.e. the read/write access of the current sub-operating system module to the disk. If it is a read access, the system isolation module returns, according to the record of the external access control module, the data in the exclusive disk space of the parent operating system module and/or the current guest operating system module; if it is a write access, the system isolation module writes to the exclusive disk space or the disk blank space of the current guest operating system module according to the record of the external access control module, and modifies the record of the external access control module.
  • The specific steps of step 14 are as follows:
  • Step 1401 The system isolation module detects the read/write access of the current sub-operating system module to the disk;
  • Step 1402 The system isolation module determines whether it is a read access or a write access; if it is a read access, step 1403 is performed; otherwise, step 1407 is performed;
  • Step 1403. The system isolation module extracts the calling address A0 of the read-disk operation initiated by the currently running sub-operating system module;
  • Step 1404. The system isolation module queries the index file of the current sub-operating system module according to the calling address A0. If the calling address A0 and its corresponding storage address A1 are recorded in the index file, step 1405 is performed; otherwise, the data requested by the operation is at the location of the calling address, and step 1406 is performed;
  • Step 1405 The system isolation module reads data from the storage address A1 location and returns the current sub-operating system module to end the read access.
  • Step 1406 The system isolation module reads data from the location of the calling address and returns to the current sub-operation system module to end the read access.
  • Step 1407 the system isolation module extracts the call address B0 of the write disk data operation initiated by the currently running sub-operating system module;
  • Step 1408 The system isolation module queries the index file of the current guest operating system module according to the calling address B0. If the calling address B0 and the corresponding storage address B1 are recorded in the index file, step 1409 is performed; otherwise, step 1410 is performed;
  • Step 1409 the system isolation module writes the data to the storage address B1 position, and ends the write access
  • Step 1410 the system isolation module writes the data to the blank space of the disk, and the write address is the storage address; meanwhile, the system isolation module is in the The calling address location records the storage address in the index file of the operating system module, and marks the corresponding location of the storage address in the currently running sub-operating system module disk bitmap file as having a data state, and ends the write access.

Abstract

A system and method for implementing operating system isolation. The system comprises a primary OS (operating system) module; at least one secondary OS module, containing any modifications the user makes to the primary OS module; a system isolation module; and an external storage access control module that records the unshared disk space of the primary/secondary OS modules. The system isolation module boots and/or installs the secondary OS module, specifies and/or modifies the unshared space and blank space of the primary/secondary OS modules according to the user's instructions, and monitors the primary/secondary OS's read and write accesses to the disk. With this system and method, different OS environments can be provided without occupying more disk space; the operating systems are isolated from one another, system redundancy is reduced, system security and reliability are increased, and each user's information under the different secondary OSes is protected.

Description

System and method for implementing operating system isolation

Technical field

The present invention relates to a system and method for implementing operating system isolation, and in particular to a system and method for completely isolating the storage space of operating systems; it belongs to the field of computer operating systems and computer security.

Background art

The computer operating system is the most important system in a computer: it manages the computer's hardware devices and provides the running environment for all application software. The reliability and security of the operating system are therefore very important.

Today, more and more applications are deployed in a single operating system environment, making the user's computing environment very complex and much harder to manage and maintain. More importantly, in the present age of rampant viruses and spyware, such a complex computing environment inevitably leaves the various computer security protection technologies full of holes, or even makes them useless.

For home users: computers play an ever more important role in family life. Users run all kinds of applications on the computer, such as games, entertainment, web browsing, watching films, processing images and video, and even online electronic transactions. These applications are simply installed into a single operating system environment, which makes the application environment extremely complex and directly leads to an overloaded system that is unstable, crashes frequently and loses data. Although several operating systems can be installed on one computer to serve different applications, this in turn causes management complexity and wastes computing resources. On the other hand, home users generally lack knowledge and experience in computer maintenance and security, so home computers are exposed to the network unprotected and are frequently attacked by viruses and hackers. When a user plays games or browses the web on a computer infected with viruses and spyware, attacks by hackers lead to the leakage of personal privacy; worse, if such an environment is used for online electronic transactions, hackers are given an opportunity to steal bank account credentials. In addition, one computer shared by several users is already common in home computing. Although current operating systems support multiple users, this multi-user function does not truly isolate the software environment and data environment of different users: when one user's environment is damaged, the direct consequence is the collapse of the whole operating system environment. In short, what home users need most is a computer in which multiple applications and multiple users are isolated from one another and which has autonomous security defences, so that maintenance is simplified and security improved.

For enterprise computer users: to stay competitive, an enterprise IT department must at all times satisfy the growing demand for advanced information technology and IT services while controlling the frequency of computer failures, reducing maintenance costs and their impact, and continuously improving the security of enterprise information, thereby lowering the total cost of the IT infrastructure. This places higher demands on the manageability and security of computers. In the enterprise IT environment, the applications deployed in a single computer environment are increasingly complex, which directly reduces the stability and reliability of the computer, so that failures become ever more frequent, IT management costs rise and serious consequences follow. On the other hand, enterprises need to isolate the enterprise IT application environment from employees' private environments in order to prevent leakage of enterprise information and improve the security of the enterprise IT system.

For government computer users: in government departments that pay particular attention to IT security, isolating the internal network from the external network is a basic requirement of IT applications. At present, government departments achieve this isolation by giving each person two computers or by using hardware isolation devices, so as to guarantee the security of government information systems. Either way requires a high IT investment, increases the difficulty and complexity of IT management, and scales poorly to new applications.

For computer users in education: to meet different teaching purposes, IT administrators in the education sector must frequently distribute new operating systems and software to the computers. In addition, the software on the computers is often damaged, and in order not to disrupt teaching the IT administrator must quickly repair the operating system and application environment. This greatly increases the complexity and difficulty of computer management and places very high demands on its efficiency.

In summary, in IT applications the manageability, maintainability and security of computers impose huge time and economic costs on consumers and enterprises, and the prior art has shortcomings in addressing computer security and reliability and in protecting user privacy. A technical solution is therefore needed that can install application software serving different purposes in mutually isolated operating system environments, so as to guarantee the security and reliability of the application software, and that protects the security of user data and privacy through those isolated operating system environments, without occupying excessive disk space and without requiring investment in additional hardware.

Summary of the invention

The object of the present invention is to intercept disk read/write operations and map them onto one or more non-overlapping disk spaces, thereby forming one or more mutually isolated operating system running environments.

To achieve the above object, the present invention provides a system for implementing operating system isolation, comprising:

a parent operating system module, which includes an operating system kernel, that is, the software program that provides the basic functions necessary for a complete operating system; the parent operating system module has read access to its exclusive disk space and to the disk blank space;

at least one guest operating system module, which contains any modifications the user makes to the parent operating system module; it interacts with the parent operating system module and has read access to the exclusive disk space of the parent operating system module; the guest operating system module has read/write access to its own exclusive disk space and to the disk blank space;

a system isolation module, which interacts with the parent operating system module and is used to boot and/or create guest operating system modules according to user instructions and to specify and/or modify the exclusive disk space and disk blank space of the parent/guest operating system modules; the system isolation module also interacts with the parent/guest operating system modules to monitor their read/write access to the disk; and

an external storage access control module, which interacts with the system isolation module and records the exclusive disk space of the parent/guest operating system modules.

To achieve the above object, the present invention also provides a method for implementing operating system isolation, comprising the following steps:

Step 1: the system isolation module monitors the read/write access of the current guest operating system module to the disk;

Step 2: if it is a read access, the system isolation module returns, according to the records of the external storage access control module, the data in the exclusive disk space of the parent operating system module and/or of the current guest operating system module;

Step 3: if it is a write access, the system isolation module writes, according to the records of the external storage access control module, into the exclusive disk space or the disk blank space of the current guest operating system module, and updates the records of the external storage access control module.

The present invention therefore has the following advantages:

1. With the system and method of the invention, different and mutually isolated guest operating system modules can be created from a single operating system without occupying more disk space, and the user can flexibly choose which one to use;

2. With the system and method of the invention, application software can be installed selectively according to the purpose for which each guest operating system module was created, which reduces the number of applications in each operating environment, reduces system redundancy, and increases the security and reliability of the system;

3. With the system and method of the invention, insecure factors in one guest operating system module do not affect other guest operating system modules, which increases the security and reliability of the system;

4. With the system and method of the invention, the information of the users of different guest operating system modules can be protected.

The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.

Brief description of the drawings

Fig. 1 is a structural diagram of an embodiment of the system for implementing operating system isolation according to the invention; Fig. 2 is a schematic diagram of an embodiment of the external storage access control module of the system provided by the invention; Fig. 3 is a schematic diagram of the system provided by the invention on a conventional computer architecture; Fig. 4 is a flow chart of how the isolation module of the system provided by the invention monitors and intercepts disk I/O access;

Fig. 5 is a schematic diagram of the system provided by the invention on a virtual machine computer architecture; Fig. 6 is a schematic diagram of a further embodiment of the system provided by the invention on a virtual machine computer architecture;

Fig. 7 is a schematic diagram of the disk space distribution of the system provided by the invention;

Fig. 8 is a flow chart of an embodiment of the method for implementing operating system isolation according to the invention.

Detailed description of the embodiments

Embodiment of the system for implementing operating system isolation according to the invention:

Referring to Fig. 1, the system comprises a parent operating system module 1, guest operating system modules 21 and 22, a system isolation module 3 and an external storage access control module 4.

The parent operating system module 1 may consist only of an operating system kernel that performs the most basic functions; an operating system kernel here means the software program that provides the basic functions an operating system must have. This kernel may be the kernel of Linux, Unix or Windows.

Besides the operating system kernel, the parent operating system module 1 may also include software programs outside the kernel, that is, both the kernel and applications outside it, so as to provide the basic functions the operating system needs together with functions preset by the user. For example, if the administrator decides that every operating environment should have office software, that office software can be installed in the parent operating system module 1.

There may be one or more guest operating system modules, each containing any modifications made to the parent operating system module 1. Two guest operating system modules are taken as an example. Guest operating system module 21 has office software, translation software and other computing software installed on top of the parent operating system module 1, and blocks Internet Explorer; together with the parent operating system module 1 it forms a complete office operating system environment that can do word processing and data calculation but cannot access the internet. Guest operating system module 22 has game software and multimedia player software installed on top of the parent operating system module 1; together with the parent operating system module 1 it forms a complete entertainment operating system environment for playing games, watching video files and browsing the internet. The number of guest operating system modules is unlimited as long as the computer's disk space permits.

Guest operating system modules 21 and 22 each interact with the parent operating system module 1 and can read the data in the exclusive disk space of the parent operating system module 1. Guest operating system modules 21 and 22 each have their own exclusive disk space, to which, together with the disk blank space, they have read/write access.

The system isolation module 3 monitors the read/write access of the parent operating system module 1 and of guest operating system module 21 or 22 to the disk, and intercepts all write access to the exclusive disk space of the parent operating system module 1.

Fig. 2 is a schematic diagram of an embodiment of the external storage access control module 4 in the system for implementing operating system isolation provided by the invention. The external storage access control module 4 resides in the disk space of the hard disk and consists of several files: the disk bitmap file 41 of the parent operating system module 1, the disk bitmap file 4211 of guest operating system module 21, the disk bitmap file 4221 of guest operating system module 22, the index file 4212 of guest operating system module 21 and the index file 4222 of guest operating system module 22.

Embodiment of the system of the invention on a conventional computer architecture: Fig. 3 is a schematic diagram of the structure of the system provided by the invention on a conventional computer architecture. On a conventional computer architecture the computer system can run only one operating system at a time. Its structure is: at the lowest level the computer hardware, including CPU, hard disk, memory, graphics card and I/O interfaces. On this architecture the system isolation module 3 may be placed in the computer's basic input/output system (BIOS) or in the Extensible Firmware Interface (EFI); in the firmware of the hard disk controller; or inside or outside the kernel of the parent operating system module 1.

In this embodiment the system isolation module 3 is placed in the kernel of the parent operating system module 1. Before designating the parent operating system module 1, the user first installs an operating system on the computer, in this embodiment Windows, and then configures it as required, for example by installing and configuring hardware drivers, configuring the network address and adjusting the Windows desktop resolution. Software that will be needed in every guest operating system module, such as antivirus software and a personal firewall, can be installed at this point as required. In this embodiment the user also installs the system isolation module 3 into the kernel of this operating system as an operating system driver. After this preparation, the user designates the above operating system as the parent operating system module 1 through the system isolation module 3. Once the parent operating system module 1 has been designated, the system isolation module 3 creates the parent operating system disk bitmap file 41 for it in the external storage access control module 4. From then on the system isolation module 3 monitors and intercepts all read/write access to the disk and does not allow any program or system to overwrite the programs and data in the parent operating system module 1.

The parent operating system disk bitmap file 41 records the state of the disk storage blocks of the parent operating system module 1 and identifies the exclusive disk space of the parent operating system module 1 on the disk. For example, if a block unit on the disk (a sector, if the unit is the sector) holds valid data of the parent operating system module 1, the corresponding position in the parent operating system disk bitmap file 41 is marked 1; otherwise it is marked 0.

After the user has designated the parent operating system module 1 through the system isolation module 3, guest operating system modules 21 and 22 can be created as needed through the interaction of the system isolation module 3 with the parent operating system module 1. In this embodiment, guest operating system module 21 is the office environment described above (office software, translation software and other computing software installed on top of the parent operating system module 1, Internet Explorer blocked, no internet access), and guest operating system module 22 is the entertainment environment described above (game software and multimedia player software installed on top of the parent operating system module 1, with games, video playback and internet access). At the same time, the system isolation module 3 creates in the external storage access control module 4 the guest operating system bitmap files 4211 and 4221 for guest operating system modules 21 and 22 respectively, and the guest operating system index files 4212 and 4222 for guest operating system modules 21 and 22 respectively.

The guest operating system disk bitmap files 4211 and 4221 record the state of the disk storage blocks of guest operating system modules 21 and 22 and identify their exclusive disk space on the disk. For example, if a block unit on the disk (a sector, if the unit is the sector) holds valid data of guest operating system module 21, the corresponding position in the guest operating system disk bitmap file 4211 is marked 1; otherwise it is marked 0.

The guest operating system index files 4212 and 4222 record, for all data relocated by the system isolation module 3, the calling address, the storage address after relocation, and the correspondence between the two. For example, when the operator, working in the office environment, rewrites the file ABC of the parent operating system module 1 whose source address is A0, the system isolation module 3 intercepts the operation and writes the rewritten data of file ABC to an address A1 in the exclusive disk space or blank disk space of guest operating system module 21. The system isolation module 3 records in index file 4212 the target storage address A1 to which the rewritten data of file ABC was actually written together with the source address A0; the target storage address A1 is then called the index address of the source address A0. When the data of file ABC is read again in guest operating system module 21, the system isolation module 3 consults index file 4212 and reads the data at address A1 rather than the data at A0.

After guest operating system modules 21 and 22 have been created, the user can choose at computer startup to boot either guest operating system module as required. Depending on where the system isolation module 3 is placed, its startup order relative to the parent operating system module 1 differs:

系统隔离模块 3设置在 BIOS或 EFI时, 先于母操作系统模块 1启动, 启动顺序为: 系统隔离模块 3紧随计算机硬件启动, 系统隔离模块 3引导提 示用户选择进入哪一个操作系统环境, 比如, 操作者选择娱乐环境。 然后系 统隔离模块 3引导母操作系统模块 1启动, 并在母操作系统模块 1引导完成 后加载子操作系统模块 22, 从而为用户形成完整得娱乐操作系统环境。  When the system isolation module 3 is set in the BIOS or EFI, it is started before the parent operating system module 1. The startup sequence is as follows: The system isolation module 3 starts with the computer hardware, and the system isolation module 3 guides the user to select which operating system environment to enter, for example. The operator chooses the entertainment environment. Then, the system isolation module 3 boots the parent operating system module 1 to start, and loads the child operating system module 22 after the mother operating system module 1 is booted, thereby forming a complete entertainment operating system environment for the user.

当系统隔离模块 3设置在硬盘控制器的固件程序中时, 先于母操作系统 模块 1启动,启动顺序与该系统隔离模块 3设置在 BIOS或 EFI时的启动顺序 相同。 通过将系统隔离模块 3设置在硬盘控制器的固件程序中, 用户能够随 硬盘控制器同时购买, 避免手动安装, 简化了程序的使用。  When the system isolation module 3 is set in the firmware program of the hard disk controller, it is started before the parent operating system module 1, and the startup sequence is the same as the startup sequence when the system isolation module 3 is set in the BIOS or EFI. By setting the system isolation module 3 in the firmware program of the hard disk controller, the user can purchase it at the same time as the hard disk controller, avoiding manual installation and simplifying the use of the program.

当系统隔离模块 3设置在母操作系统模块 1的内核之中或内核之外时, 与母操作系统模块 1 同时启动, 启动顺序为: 计算机硬件启动, 母操作系统 模块 1与系统隔离模块 3同时启动, 并提示用户选择进入哪一个操作系统环 境, 比如, 操作者选择办公环境, 则系统隔离模块 3 引导加载子操作系统模 块 21, 构成完整的办公操作系统环境。  When the system isolation module 3 is set in the kernel of the parent operating system module 1 or outside the kernel, it is started simultaneously with the parent operating system module 1, and the startup sequence is: the computer hardware is started, and the mother operating system module 1 and the system isolation module 3 are simultaneously The system is activated, and the user is prompted to select an operating system environment. For example, if the operator selects an office environment, the system isolation module 3 boots and loads the sub-operating system module 21 to form a complete office operating system environment.

当计算机启动之后, 母操作系统模块 1和系统隔离模块 3按照上述不同 情况分别被加载运行,本实施例由于系统隔离模块 3设置在母操作系统模块 1 的内核之中, 因此, 母操作系统模块 1与系统隔离模块 3 同时启动。 同时, 系统隔离模块 3也会根据用户的选择加载指定的子操作系统模块 21或 22。此 后, 用户可以在当前加载的母操作系统模块 1和子操作系统模块 21或 22中 执行安装软件, 修改配置, 编辑文件等操作。 但无论何种情况, 系统隔离模 块 3 —直在监控对磁盘的读写访问, 只要发生读写磁盘的访问都会被系统隔 离模块 3拦截, 并根据不同的情况分别进行处理, 以实现操作系统的隔离。  After the computer is started, the parent operating system module 1 and the system isolation module 3 are respectively loaded and run according to the above different situations. In this embodiment, since the system isolation module 3 is disposed in the kernel of the parent operating system module 1, the parent operating system module 1 Start at the same time as system isolation module 3. At the same time, the system isolation module 3 also loads the specified sub-operating system module 21 or 22 according to the user's selection. After that, the user can perform operations such as installing software, modifying configuration, editing files, etc. in the currently loaded parent operating system module 1 and child operating system module 21 or 22. In any case, the system isolation module 3 directly monitors the read and write access to the disk. As long as the access to the read/write disk occurs, it is intercepted by the system isolation module 3, and processed according to different situations to implement the operating system. isolation.

In the system for implementing operating system isolation provided by the present invention, the external storage access control module 4 supplies the disk bitmap files and index files, and the system isolation module 3 monitors read/write disk access by the parent/child operating system modules as shown in Fig. 4. If the access is a disk read, the system isolation module 3 first obtains the target address A0 of the read from the caller. It then uses A0 to look up the child operating system index file 4212 or 4222 of the currently running child operating system module 21 or 22. If an index address A1 is recorded at position A0 of that index file, the system isolation module 3 reads the data from disk address A1 and returns it to the caller; otherwise it reads the data from disk address A0 and returns that to the caller.

If the system isolation module 3 finds that the access is a disk write, it first obtains the target address B0 of the write from the caller, then uses B0 to look up the child operating system index file 4212 or 4222 of the currently running child operating system module 21 or 22. If an index address B1 is recorded at position B0 of that index file, the system isolation module 3 writes the data to B1 and the write access ends. Otherwise the system isolation module writes the data into blank disk space, the address written being the index address B2; at the same time it records B2 at the position indicated by B0 in the child operating system index file 4212 or 4222 of child operating system module 21 or 22, and marks the position indicated by B2 in the child operating system disk bitmap file 4211 or 4221 of the currently running child operating system module 21 or 22 as 1, meaning that the data at that position belongs to child operating system module 21 or 22. The system isolation module 3 then ends the write access.

When the user chooses to boot into any child operating system module, the interaction between the system isolation module 3 and the external storage access control module ensures that the user cannot see the data in the exclusive disk space of the other child operating system modules on the disk. For example, if the user chooses to boot into child operating system module 21, the system isolation module 3 calls only the parent operating system disk bitmap file 41, the child operating system disk bitmap file 4211 and the child operating system index file 4212 from the external storage access control module. The parent operating system module 1 can therefore see and read only the contents of its own exclusive disk space; child operating system module 21 can see the exclusive disk space of the parent operating system module 1, its own exclusive disk space and the blank disk space, but not the exclusive disk space occupied by other child operating system modules. Moreover, because of the interception performed by the system isolation module 3, child operating system module 21 cannot write data into the exclusive disk space of the parent operating system module 1 or of any other child operating system module. Applying this principle thus guarantees that the parent operating system module 1 cannot be altered and that the child operating system modules are isolated from one another, which achieves operating system isolation. In effect the parent module is a read-only base image and each child is a block-level copy-on-write overlay on it.

The exclusive disk space of child operating system module 21 or 22 can also change. For example, when child operating system module 21 performs a write and the data is written to blank disk address A3, the system isolation module 3 marks the corresponding position in child operating system disk bitmap file 4211, and that blank space becomes part of the exclusive disk space of child operating system module 21. When child operating system module 22 performs a write and the data is written to blank disk address A4, the system isolation module 3 marks the corresponding position in child operating system disk bitmap file 4221, and that blank space becomes part of the exclusive disk space of child operating system module 22. When child operating system module 21 is started, the data at blank disk address A4 is not read, so the data at A4 is invisible to child operating system module 21.

Embodiment of the system of the present invention for implementing operating system isolation under a virtual machine architecture:

Fig. 5 shows schematically how the system of the present invention implements operating system isolation under a virtual machine architecture. In a computer architecture that supports virtual machine technology, the virtual memory management module (the patent's term, abbreviated VMM; it fills the role usually called a virtual machine monitor or hypervisor) is the core of the technology: it runs beneath all other operating systems and allocates and coordinates system resources for the operating systems running on top of it. VMWare's VMWare software, Microsoft's Virtual PC software and XenSource's Xen software are examples of software supporting virtual machine technology. Under the VMM, two or more operating systems can run at the same time in one computer system. This embodiment takes a single parent operating system module 1 as an example, on which the system isolation module 3 has booted and created two child operating system modules 21 and 22.

The system isolation module 3 resides in the VMM and starts together with it. The startup sequence is: the computer hardware starts; the VMM and the system isolation module 3 start; the parent operating system module 1 starts; one or more of the child operating system modules 21 and 22 start according to the user's selection.

Residing in the VMM, the system isolation module 3 can monitor and/or intercept all read/write disk access by the parent and child operating system modules and interact with the external storage access control module to achieve operating system isolation. Where the module is placed matters for the security argument: the isolation holds only if every disk access actually passes through the interception point, which a module inside the parent kernel cannot guarantee against code running in that same kernel, whereas the VMM, BIOS/EFI and disk controller firmware placements sit beneath the operating systems being isolated.

A further embodiment of the system of the present invention for implementing operating system isolation under a virtual machine architecture: Fig. 6 shows schematically another embodiment under a virtual machine architecture. The virtual machine system has a management operating system module or service operating system module 5 (called the secondary operating system module) which runs at the same time as, or before, the parent operating system module 1 (also called the primary operating system module), monitors the state of the parent operating system module 1, and provides the disk access interface for the parent/child operating system modules.

The system isolation module 3 is placed inside or outside the kernel of the secondary operating system module. The startup sequence is: the computer hardware starts; the VMM starts; the secondary operating system module 5 and the system isolation module 3 start; the parent operating system module 1 starts; one or more of the child operating system modules 21 and 22 start according to the user's selection.

In the embodiments of the present invention under a virtual machine architecture there may be more than one parent operating system module 1. For example, a Windows kernel and a Linux kernel can both be installed in one computer system, each constituting a parent operating system module 1. Under a computer architecture without virtual machines only one such parent operating system module runs at a time, that is, either Windows or Linux runs; under a virtual machine architecture at least one parent operating system module runs at a time, so the Windows kernel and the Linux kernel can run simultaneously. Likewise, under a computer architecture without virtual machines only one child operating system module runs at a time, that is, either child operating system module 21 or child operating system module 22 runs; under a virtual machine architecture at least one child operating system module runs at a time, so child operating system modules 21 and 22 can run simultaneously.

The multiple parent operating system modules are set up independently of one another; the system isolation module 3 designates the exclusive disk space of each parent operating system module and records it in the external storage access control module 4.

Embodiment of the system of the present invention for implementing operating system isolation with a disk shared region: referring to Fig. 7, a disk shared region can be set up on the disk. Through the system isolation module the user can specify whether a child operating system module may access the disk shared region; for example, one child operating system module may be allowed to access it while another child operating system module is denied access. The user can also set how a given child operating system module accesses the disk shared region, for example allowing some child operating system modules read-only access and others read/write access. In some cases the disk shared region lets the user exchange data between two or more child operating system modules. The shared region is also the one path by which data can cross the isolation boundary, so its per-child read/write policy deserves the same care as the rest of the configuration.

Embodiment of the multi-level child operating systems of the system of the present invention for implementing operating system isolation:

The system for implementing operating system isolation can also contain second-generation child operating system modules, which the system isolation module boots and creates on the basis of a first-generation child operating system module. For example, the user can create several second-generation child operating system modules on the basis of the entertainment-environment child operating system module and install different game software in each of them. A second-generation child operating system module, its first-generation child operating system module and the parent operating system module then together form a complete operating system specific to one game environment; the other games are not visible from within any one game environment.

When a child operating system has had a second-generation child operating system created on it, its exclusive disk space is immediately set to non-rewritable by the system isolation module.

Because the environments formed by different child operating system modules are invisible to one another, that is, isolated, operating system environments that are confidential from one another can be built. For example, a home user can create a child operating system module for each family member on one computer, based on a single parent operating system module, so that each member has their own operating environment; a family member working in their own environment has no effect on the others' data and cannot freely access the files and data in the other members' environments, which protects each family member's privacy.

Alternatively, government and enterprise users can, on the basis of one parent operating system module, completely separate the work environment from the private environment and implement automated management and control of the work environment in respects such as network isolation and network security. A child operating system module of high security can further be created for online transactions and online financial business, so that the user need not transact in other, lower-security system environments but instead conducts transactions and business processing through a child operating system module dedicated to online transactions.

Based on the above system for implementing operating system isolation, the present invention also provides a method for implementing operating system isolation: after installation of the parent operating system module is complete, the system isolation module is installed; the system isolation module creates the disk bitmap files and index files in preparation for monitoring disk reads and writes. Fig. 8 is a flowchart of one embodiment of the method provided by the present invention; its steps are as follows:

Step 11. The system isolation module creates, in the external storage access control module, the disk bitmap file of the parent operating system module, which identifies the parent operating system module's exclusive disk space; this disk bitmap file cannot be changed.

Step 12. The system isolation module boots and creates one or more child operating system modules and creates, in the external storage access control module, a disk bitmap file and an index file for each child operating system module. The disk bitmap file identifies the child operating system module's exclusive disk space; the index file identifies, for all data dumped by the system isolation module, the call address, the storage address after the dump and the correspondence between the two. Initially the disk bitmap file and the index file are empty.

Step 13. The system isolation module identifies the blank disk space from the above disk bitmap files: the blank disk space is the disk space other than the exclusive disk space identified in the disk bitmap file of the parent operating system module and the disk bitmap files of the child operating system modules.

Step 14. The system isolation module monitors disk reads and writes, including the read/write disk access of the current child operating system module. For a read access, the system isolation module returns data from the exclusive disk space of the parent operating system module and/or the current child operating system module according to the records of the external storage access control module. For a write access, the system isolation module writes into the exclusive disk space of the current child operating system module or into the blank disk space according to the records of the external storage access control module, and updates the records of the external storage access control module.

The specific sub-steps of step 14 are as follows:

Step 1401. The system isolation module detects a read/write disk access by the current child operating system module.

Step 1402. The system isolation module determines whether the access is a read or a write; if a read, go to step 1403; otherwise go to step 1407.

Step 1403. The system isolation module extracts the call address A0 of the disk read operation initiated by the currently running child operating system module.

Step 1404. The system isolation module looks up the index file of the current child operating system module using the call address A0. If the index file records the call address A0 and a corresponding storage address A1, go to step 1405; otherwise the data requested by the operation is located at the call address itself, so go to step 1406.

Step 1405. The system isolation module reads the data from storage address A1 and returns it to the current child operating system module, ending the read access.

Step 1406. The system isolation module reads the data from the call address and returns it to the current child operating system module, ending the read access.

Step 1407. The system isolation module extracts the call address B0 of the disk write operation initiated by the currently running child operating system module.

Step 1408. The system isolation module looks up the index file of the current child operating system module using the call address B0. If the index file records the call address B0 and a corresponding storage address B1, go to step 1409; otherwise go to step 1410.

Step 1409. The system isolation module writes the data to storage address B1, ending the write access.

Step 1410. The system isolation module writes the data into blank disk space; the address written is the storage address. At the same time, the system isolation module records that storage address at the call address position in the child operating system module's index file and marks the position corresponding to that storage address in the currently running child operating system module's disk bitmap file as holding data, ending the write access.
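The read path of steps 1403 to 1406, the write path of steps 1407 to 1410, the visibility rule of Fig. 4 (a child sees the parent's exclusive space, its own, and blank space, but not a sibling's), the shared region of Fig. 7 and the second-generation child of the multi-level embodiment can all be exercised in one small simulator. The following Python is an added example written for this page; it is not the patent's code or any product of the assignee. It goes slightly beyond the single-child case in the text by walking a chain of index files for second-generation children. The module names, the toy block size, the way a frozen layer is modelled, and the zero block returned for addresses outside a module's view are this example's own assumptions.

```python
"""Block-level OS isolation simulator: an added example, not the patent's code.

It keeps the records the patent places in the external storage access control
module (a bitmap for the parent OS; a bitmap plus an index per child OS) and
routes every disk access through IsolationModule as Fig. 4 and steps 1401-1410
describe. Module names, the toy block size, the layer chain used for second-
generation children and the zero block returned for addresses outside a
module's view are this example's own assumptions.
"""

BLOCK = 8            # bytes per block (constructed toy size)
ZERO = bytes(BLOCK)  # what a module reads where it has no visible data


class Layer:
    """Records of one OS module: exclusive space (bitmap) and, for children, an index."""
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent          # layer this one was booted on; None for the parent OS
        self.frozen = parent is None  # the parent OS's exclusive space is never rewritten
        self.bitmap = set()           # block numbers in this module's exclusive space
        self.index = {}               # call address -> storage address of dumped data


class IsolationModule:
    def __init__(self, nblocks, parent_image, shared=(), policy=None):
        self.disk = [ZERO] * nblocks
        self.root = Layer("parent")
        for addr, data in parent_image.items():   # blocks of the installed parent OS
            self.disk[addr] = data
            self.root.bitmap.add(addr)
        self.layers = {"parent": self.root}
        self.shared = set(shared)                 # disk shared region (Fig. 7)
        self.policy = dict(policy or {})          # child -> "ro" | "rw"; absent = no access

    def create_child(self, name, on="parent"):
        """Boot a first- or second-generation child on top of an existing layer."""
        base = self.layers[on]
        base.frozen = True                        # a layer with a child on it is read-only
        self.layers[name] = Layer(name, base)

    def _chain(self, layer):
        while layer is not None:
            yield layer
            layer = layer.parent

    def _blank(self):
        """Lowest block outside every bitmap and the shared region (step 13)."""
        used = set(self.shared).union(*(l.bitmap for l in self.layers.values()))
        free = next((b for b in range(len(self.disk)) if b not in used), None)
        if free is None:
            raise RuntimeError("no blank disk space left")
        return free

    def _shared(self, layer, addr, write):
        """True if addr is in the shared region and the policy allows this access."""
        if addr not in self.shared:
            return False
        mode = self.policy.get(layer.name)
        if mode is None or (write and mode != "rw"):
            raise PermissionError(f"{layer.name}: shared block {addr} denied")
        return True

    def read(self, who, a0):
        """Steps 1403-1406: own index first, then ancestors' indexes, else A0 itself."""
        layer = self.layers[who]
        if self._shared(layer, a0, write=False):
            return self.disk[a0]
        for l in self._chain(layer):
            if a0 in l.index:
                return self.disk[l.index[a0]]
        # no dump recorded: only own/ancestor exclusive space is in view; a sibling's blocks read blank
        visible = any(a0 in l.bitmap for l in self._chain(layer))
        return self.disk[a0] if visible else ZERO

    def write(self, who, b0, data):
        """Steps 1407-1410: write to B1 if indexed, else dump to a blank block B2."""
        layer = self.layers[who]
        if len(data) != BLOCK:
            raise ValueError("data must be exactly one block")
        if layer.frozen:
            raise PermissionError(f"{who}: exclusive space is not rewritable")
        if self._shared(layer, b0, write=True):
            self.disk[b0] = data                  # shared region is written in place
            return b0
        if b0 not in layer.index:                 # no B1 yet: dump to blank block B2
            layer.index[b0] = b2 = self._blank()  # index file: B0 -> B2
            layer.bitmap.add(b2)                  # bitmap file: B2 belongs to this child
        self.disk[layer.index[b0]] = data
        return layer.index[b0]


def demo():
    """Constructed scenario: parent image, two children, a shared region, one grandchild."""
    iso = IsolationModule(16, {0: b"BOOTCODE", 1: b"hosts.v1", 2: b"app.bin "},
                          shared={12, 13}, policy={"office": "rw", "games": "ro"})
    iso.create_child("office")
    iso.create_child("games")
    iso.write("office", 1, b"hosts.v2")      # dumped to block 3; parent block 1 intact
    iso.write("office", 12, b"xfer-001")     # shared region, written in place
    iso.create_child("game1", on="office")   # freezes 'office'
    iso.write("game1", 1, b"hosts.v3")       # dumped to block 4
    view = {who: iso.read(who, 1) for who in ("parent", "office", "games", "game1")}
    view["games_sees_office_block"] = iso.read("games", 3)   # blank: not in its view
    view["games_reads_shared"] = iso.read("games", 12)
    return view


if __name__ == "__main__":
    print(demo())
```

Two design points differ from a naive reading of Fig. 4. A read with no index entry is served from A0 only when A0 lies in the bitmap of the running module or one of its ancestors; any other block (in practice, a sibling's exclusive space) is returned as blank, which is how the "invisible to other children" requirement is realised here. And on the write path only the running layer's own index is consulted, so a second-generation child never writes into the frozen first-generation layer's blocks even when that layer's index already maps the address.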

Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention may still be modified or its elements replaced by equivalents, and such modifications or equivalent replacements do not take the modified technical solution outside the spirit and scope of the technical solution of the present invention.

Claims

权利 要求 Rights request 1、 一种实现操作系统隔离的系统, 其特征在于包括:  A system for implementing operating system isolation, characterized by comprising: 一母操作系统模块, 所述母操作系统模块包括一个操作系统的内核, 用 于提供完成操作系统必需的基本功能的软件程序; 所述母操作系统模块对其 独享磁盘空间及磁盘空白空间进行读访问;  a parent operating system module, wherein the parent operating system module includes a kernel of an operating system for providing a software program that completes basic functions necessary for the operating system; and the parent operating system module performs exclusive disk space and disk blank space Read access 至少一个子操作系统模块, 包括用户对所述母操作系统模块所做的任何 修改信息; 同所述母操作系统模块交互, 对所述母操作系统模块的独享磁盘 空间进行读访问; 所述子操作系统模块对其独享磁盘空间及磁盘空白空间进 行读 /写访问;  At least one sub-operating system module, including any modification information made by the user to the parent operating system module; interacting with the parent operating system module to perform read access to the exclusive disk space of the parent operating system module; The guest operating system module has read/write access to its exclusive disk space and disk blank space; 一系统隔离模块, 所述系统隔离模块与所述母操作系统模块交互, 用于 根据用户指令引导和 /或建立子操作系统模块,指定和 /或修改所述母 /子操作系 统模块的独享磁盘空间和磁盘空白空间; 所述系统隔离模块还分别同所述母 / 子操作系统模块交互, 用于监控所述母 /子操作系统模块对磁盘的读 /写访问; 一外存访问控制模块, 同所述系统隔离模块交互, 记录所述母 /子操作系 统模块的独享磁盘空间。  a system isolation module, the system isolation module interacts with the parent operating system module, and is configured to guide and/or establish a child operating system module according to a user instruction, and specify and/or modify the exclusive use of the parent/child operating system module. Disk space and disk blank space; the system isolation module further interacts with the parent/child operating system module to monitor read/write access of the parent/child operating system module to the disk; and an external access control module And interacting with the system isolation module to record exclusive disk space of the parent/child operating system module. 
2、 根据权利要求 1所述的实现操作系统隔离的系统, 其特征在于所述母 操作系统模块为一个或多个; 所述多个母操作系统模块独立设置,由所述系统 隔离模块指定每个母操作系统模块的独享磁盘空间并记录于所述外存访问控 制模块。  2. The system for implementing operating system isolation according to claim 1, wherein the parent operating system module is one or more; the plurality of parent operating system modules are independently set, and each of the system isolation modules specifies each The exclusive disk space of the parent operating system module is recorded in the external memory access control module. 3、 根据权利要求 1所述的实现操作系统隔离的系统, 其特征在于所述系 统隔离模块设置在 BIOS或 EFI中, 先于所述母操作系统模块启动。  3. The system for implementing operating system isolation according to claim 1, wherein the system isolation module is set in a BIOS or EFI, and is started before the parent operating system module. 4、 根据权利要求 1所述的实现操作系统隔离的系统, 其特征在于所述系 统隔离模块设置在硬盘控制器的固件程序中, 先于所述母操作系统模块启动。  4. The system for implementing operating system isolation according to claim 1, wherein the system isolation module is disposed in a firmware program of the hard disk controller, and is started before the parent operating system module. 5、 根据权利要求 1所述的实现操作系统隔离的系统, 其特征在于所述系 统隔离模块设置在所述母操作系统模块的内核之中和 /或内核之外, 与所述母 操作系统模块同时启动。  5. The system for implementing operating system isolation according to claim 1, wherein the system isolation module is disposed in a kernel of the parent operating system module and/or outside the kernel, and the parent operating system module Start at the same time. 6、 根据权利要求 1所述的实现操作系统隔离的系统, 其特征在于还设有 虛拟内存管理模块,该虚拟内存管理模块先于母 /子操作系统模块运行; 所述系 统隔离模块设置在虚拟内存管理模块中, 与虚拟内存管理模块同时启动。  6. The system for implementing operating system isolation according to claim 1, further comprising a virtual memory management module, wherein the virtual memory management module runs before the parent/child operating system module; and the system isolation module is set in a virtual state. In the memory management module, it is started simultaneously with the virtual memory management module. 
7、 根据权利要求 1所述的实现操作系统隔离的系统, 其特征在于所述系 统还设有管理操作系统模块或服务操作系统模块, 该管理操作系统模块或服 务操作系统模块与母 /子操作系统模块同时运行, 或者, 先于母 /子操作系统模 块运行, 并为母 /子操作系统模块提供磁盘访问接口; 所述系统隔离模块设置 在所述管理操作系统模块或服务操作系统模块的内核之中和 /或内核之外。 7. The system for implementing operating system isolation according to claim 1, wherein the system further comprises a management operating system module or a service operating system module, the management operating system module or the service operating system module and the parent/child operation. System modules run simultaneously, or, prior to the parent/child operating system mode The block operates and provides a disk access interface for the parent/child operating system module; the system isolation module is disposed in the kernel of the management operating system module or the service operating system module and/or outside the kernel. 8、 根据权利要求 1所述的实现操作系统隔离的系统, 其特征在于所述外 存访问控制模块包括:  8. The system for implementing operating system isolation according to claim 1, wherein the external access control module comprises: 母操作系统磁盘位图文件, 用于记录所述母操作系统模块的磁盘存储块 状态, 标识所述母操作系统模块在磁盘上的独享磁盘空间;  a parent operating system disk bitmap file, configured to record a disk storage block status of the parent operating system module, and identify an exclusive disk space of the parent operating system module on the disk; 子操作系统磁盘位图文件, 用于记录所述子操作系统模块的磁盘存储块 状态, 标识所述子操作系统模块在磁盘上的独享磁盘空间;  a sub-operating system disk bitmap file, configured to record a disk storage block status of the sub-operating system module, and identify an exclusive disk space of the sub-operating system module on the disk; 子操作系统索引文件, 用于标识所有被所述系统隔离模块转储的数据的 调用地址与转储后的存储地址及二者间的对应关系。  The sub-operating system index file is used to identify the calling address of all the data dumped by the system isolation module and the storage address after the dump and the corresponding relationship between the two. 
9、 根据权利要求 1-8任一所述的实现操作系统隔离的方法, 其特征在于 包括如下步骤:  The method for implementing operating system isolation according to any one of claims 1-8, comprising the steps of: 步骤 1、 系统隔离模块监控当前子操作系统模块对磁盘的读 /写访问; 步骤 2、如果是读访问, 系统隔离模块根据外存访问控制模块的记录返回 母操作系统模块和 /或当前子操作系统模块独享磁盘空间中的数据;  Step 1. The system isolation module monitors the read/write access of the current sub-operating system module to the disk. Step 2. If it is a read access, the system isolation module returns the parent operating system module and/or the current sub-operation according to the record of the external access control module. The system module exclusively enjoys the data in the disk space; 步骤 3、如果是写访问, 系统隔离模块根据外存访问控制模块的记录写入 当前子操作系统模块的独享磁盘空间或磁盘空白空间中, 并修改外存访问控 制模块的记录。  Step 3. If it is a write access, the system isolation module writes the exclusive disk space or the disk blank space of the current guest operating system module according to the record of the external access control module, and modifies the record of the external access control module. 10、 根据权利要求 9 所述的实现操作系统隔离的方法, 其特征在于所述 步骤 1之前还包括如下步骤:  10. The method for implementing operating system isolation according to claim 9, wherein the step 1 further comprises the following steps: 步驟 11、 系统隔离模块在外存访问控制模块中创建不可更改的母操作系 统磁盘位图文件, 标识所述母操作系统模块独享磁盘空间;  Step 11. The system isolation module creates an unchangeable mother operating system disk bitmap file in the external storage access control module, and identifies the exclusive disk space of the parent operating system module. 
Step 12: The system isolation module boots and establishes one or more sub-operating system modules, and creates in the external storage access control module, for each sub-operating system module, a corresponding sub-operating system disk bitmap file and an index file; the sub-operating system disk bitmap file identifies the exclusive disk space of that sub-operating system module, and the index file identifies, for all data dumped by the system isolation module, the call address, the storage address after dumping, and the correspondence between the two;

Step 13: The system isolation module identifies the blank disk space according to the parent operating system disk bitmap file and the sub-operating system disk bitmap files; the blank disk space is the disk space other than the exclusive disk space identified in the disk bitmap file of the parent operating system module and in the disk bitmap files of the sub-operating system modules.

11. The method for implementing operating system isolation according to claim 9, wherein step 2 is specifically:

Step 201: The system isolation module extracts the call address of a read-disk-data operation initiated by the currently running sub-operating system module;

Step 202: The system isolation module queries the index file of the current sub-operating system module according to the call address;

Step 203: If a storage address corresponding to the call address is recorded at that call address position in the index file, the system isolation module reads the data from the storage address and returns it to the current sub-operating system module;

Step 204: If the record at that call address position in the index file is empty, the data requested by the operation is located at the call address itself, and the system isolation module reads the data from the call address and returns it to the current sub-operating system module.

12. The method for implementing operating system isolation according to claim 9, wherein step 3 is specifically:

Step 301: The system isolation module extracts the call address of a write-disk-data operation initiated by the currently running sub-operating system module;

Step 302: The system isolation module queries the index file of the current sub-operating system module according to the call address;

Step 303: If a storage address corresponding to the call address is recorded at that call address position in the index file, the system isolation module writes the data to that storage address;

Step 304: If the record at that call address position in the index file is empty, the system isolation module writes the data to the blank disk space, and that write address becomes the storage address; at the same time, the system isolation module records the storage address at that call address position in the sub-operating system module's index file, and marks the position corresponding to the storage address in the currently running sub-operating system module's disk bitmap file as holding data.
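The following is an added model of the redirection logic in steps 12-13, 201-204 and 301-304 (constructed example, not code from the patent or its applicant): a sector array stands in for the disk, Python sets stand in for the bitmap files, and a dict stands in for the index file. Sector numbers and sector contents are assumed values; the check that no sub-OS write ever lands in a parent-owned sector is the isolation property a reviewer of such a design would want to verify.

```python
class IsolatedDisk:
    """Model of one sub-operating system's view of a shared disk (constructed)."""

    def __init__(self, size, parent_bitmap):
        self.sectors = [None] * size          # the physical disk, one entry per sector
        self.parent_bitmap = set(parent_bitmap)  # sectors the parent OS owns exclusively
        self.child_bitmap = set()             # sectors holding dumped sub-OS data (step 304)
        self.index = {}                       # index file: call address -> storage address

    def blank_space(self):
        """Step 13: everything outside the parent and sub-OS bitmaps."""
        owned = self.parent_bitmap | self.child_bitmap
        return [s for s in range(len(self.sectors)) if s not in owned]

    def child_read(self, call_addr):
        """Steps 201-204: follow the index if present, else read in place."""
        storage_addr = self.index.get(call_addr)          # step 202
        if storage_addr is not None:                      # step 203
            return self.sectors[storage_addr]
        return self.sectors[call_addr]                    # step 204

    def child_write(self, call_addr, data):
        """Steps 301-304: write to the dumped copy, or dump into blank space."""
        storage_addr = self.index.get(call_addr)          # step 302
        if storage_addr is None:                          # step 304
            blank = self.blank_space()
            if not blank:
                raise RuntimeError("no blank disk space left to dump into")
            storage_addr = blank[0]
            self.index[call_addr] = storage_addr          # record in index file
            self.child_bitmap.add(storage_addr)           # mark bitmap as holding data
        # Isolation invariant: a sub-OS write never touches a parent-owned sector.
        assert storage_addr not in self.parent_bitmap
        self.sectors[storage_addr] = data                 # step 303 / step 304
        return storage_addr


if __name__ == "__main__":
    disk = IsolatedDisk(size=8, parent_bitmap={0, 1, 2})
    disk.sectors[1] = b"parent-data"
    print(disk.child_read(1))            # passthrough read of parent data
    print(disk.child_write(1, b"child"))  # dumped to first blank sector
    print(disk.child_read(1), disk.sectors[1])  # sub-OS sees its copy, parent unchanged
```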
PCT/CN2006/001928 2005-08-23 2006-08-01 System and method for isolating operating system Ceased WO2007022686A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200510093387.0 2005-08-23
CNB2005100933870A CN100403212C (en) 2005-08-23 2005-08-23 System and method for implementing operation system separation

Publications (1)

Publication Number Publication Date
WO2007022686A1 true WO2007022686A1 (en) 2007-03-01

Family

ID=37771220

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/001928 Ceased WO2007022686A1 (en) 2005-08-23 2006-08-01 System and method for isolating operating system

Country Status (2)

Country Link
CN (1) CN100403212C (en)
WO (1) WO2007022686A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101770390B (en) * 2008-12-29 2013-05-01 北京联想软件有限公司 Display isolation method of computer and operation systems
CN104573498A (en) * 2015-01-16 2015-04-29 梁庆生 A method and device capable of preventing an operating system from being attacked by Trojan horses and viruses
CN105205668B (en) * 2015-09-16 2019-10-11 宇龙计算机通信科技(深圳)有限公司 Electronic account management method, electronic account management system and terminal
CN106502675A (en) * 2016-10-27 2017-03-15 铭软件股份有限公司 A kind of method for managing the multiple operating system on same computer
CN109235719B (en) * 2018-09-20 2021-12-14 普天智能照明研究院有限公司 A method of operating a combination of mounting modules
WO2023077519A1 (en) * 2021-11-08 2023-05-11 华为技术有限公司 Storage device supporting multiple operation systems, and configuration method and computer system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1508697A (en) * 2002-12-16 2004-06-30 联想(北京)有限公司 Method and apparatus for realizing protection of computer operation system in hard disk
US20050015581A1 (en) * 2003-07-18 2005-01-20 Hung-Ping Chen [selectable booting method by bios with multi-partition in the disk on a single computer platform]
US20050138282A1 (en) * 2003-12-18 2005-06-23 Garney John I. Maintaining disk cache coherency in multiple operating system environment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7146640B2 (en) * 2002-09-05 2006-12-05 Exobox Technologies Corp. Personal computer internet security system
US7975117B2 (en) * 2003-03-24 2011-07-05 Microsoft Corporation Enforcing isolation among plural operating systems
CN1658185A (en) * 2004-02-18 2005-08-24 国际商业机器公司 Computer system with mutual independence symbiont multiple eperation system and its switching method

Also Published As

Publication number Publication date
CN100403212C (en) 2008-07-16
CN1920731A (en) 2007-02-28

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06775260

Country of ref document: EP

Kind code of ref document: A1