The embodiment of the invention provides a method and a device for realizing security isolation of a virtual machine, and the method comprises the steps: employing a same-layer address space isolationmechanism, and creating a security isolation execution environment on a virtualization layer; isolating the memory of a target virtual machine from an untrusted virtual execution environment by usingthe securely isolated execution environment and adopting a memory dynamic marking and tracking strategy, and realizing mutual isolation between the target virtual machine and other virtual machines;and monitoring context switching of the target virtual machine and address mapping of the target virtual machine in the securely isolated execution environment by using a VMCS, extension page table structure hiding and virtual machine exit redirection strategy. According to the embodiment of the invention, a same-layer address space isolation mechanism is adopted to perform high-strength memory isolation on the virtual machine in an untrusted virtualization execution environment, so that the performance cost of the system can be effectively ensured, the memory of the virtual machine is comprehensively isolated, and the security of the system is improved.