高级检索

    基于VMFUNC的虚拟机自省触发机制

    A Virtual Machine Introspection Triggering Mechanism Based on VMFUNC

    • 摘要: 虚拟化技术作为云计算的基础得到了广泛应用,但随之而来的虚拟机安全问题日趋严重.虚拟机自省作为一种从外部监控虚拟机内部运行状态的方法,为解决虚拟机安全问题提供了新视角,但同时也引入了巨大开销,阻碍了实际应用.提出了一种基于VMFUNC的虚拟机自省(virtual machine introspection, VMI)触发机制.该机制借助CPU硬件特性VM-Function以及RDTSC指令模拟,将调用时产生VM Exit开销降至最低;利用VMFUNC的功能为目标虚拟机切换备用扩展页表,避免VMI程序运行时对虚拟机执行的中断;通过重载VMFUNC指令和Xentrace的功能实现高效的触发与信息传递机制,主动触发VMI程序运行,克服了VMI程序常驻带来的大量资源消耗.实现了虚拟机自省即服务系统,并进行了实验验证.结果表明:本系统带来额外性能开销不超过2%,使VMI在实际云环境中的广泛应用成为了可能.

       

      Abstract: Virtualization technology as the basis of cloud computing has been widely used, while security issues of virtual machine have been attracted more and more attention. The virtual machine introspection, as an “out-of-the-box” method leveraged to monitoring virtual machine, provides a new perspective for solving the security problems. Aiming at this situation, a triggering mechanism based on VMFUNC is proposed. Taking the advantages of the CPU hardware features VM-Function and RDTSC emulation, the mechanism minimizes the overhead of VM exits. Based on the extended page table view switching through the VMFUNC, our mechanism avoids the system pause caused by VMI programs. By means of overloading VMFUNC and Xentrace, our method can trigger VMI programs actively, thus overcoming the VMI program resident consumption. In this paper, a VMI-as-a-service system is implemented and verified by experiments. The results show that the performance cost is no more than 2%, which makes VMI widely being used possible in practical cloud environment.

       

    /

    返回文章
    返回