关键词：电子信息；计算机；虚拟机；监控程序
摘 要：The purpose of this paper is to propose the creation of a security- enhancing hypervisor for PCs as a collaborative agenda for the research community. This agenda is not necessarily about answering fundamentally new research questions. Rather, it is a call to action about a rare chance for the community to have substantial impact. If researchers demonstrate compelling near-term benefits from a modest security layer, then OS vendors may adopt such a layer as a way to increase security without costly reengineering. The introduction of this secure foothold into the consumer software stack could then yield significant long-term benefits by providing a much better avenue for deploying security solutions. This agenda consists of two parts: (1) exploring how hypervisors can address end-user security issues and (2) exploring how to architect a small, secure hypervisor that provides several of these facilities. We believe that there are interesting and worthwhile challenges in both parts. The rest of this paper is organized as follows. We begin by explaining why hypervisors provide a highly attractive insertion point for security (Section 2) and summarizing work in this area (Section 3). We then discuss security facilities that a hypervisor can provide in Section 4, with a focus on trusted paths to online services. We conclude by discussing challenges associated with our proposal in Section 5.