ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 (Journal of Computer Research and Development), 2017, Vol. 54, Issue (10): 2310-2320. doi: 10.7544/issn1000-1239.2017.20170452

• Information Security •

A Virtual Machine Introspection Triggering Mechanism Based on VMFUNC

Liu Weijie, Wang Lina, Tan Cheng, Xu Lai

  1. (Key Laboratory of Aerospace Information Security and Trusted Computing (Wuhan University), Ministry of Education, Wuhan 430072) (School of Computer Science, Wuhan University, Wuhan 430072) (State Key Laboratory of Software Engineering (Wuhan University), Wuhan 430072) (liuweijie@whu.edu.cn)
  • Online: 2017-10-01
  • Funding: 
    National Natural Science Foundation of China (61373169, 61672394); National High-Tech Research and Development Program of China (863 Program) (2015AA016004); National Key Technology Research and Development Program of China (2014BAH41B00); NSFC-General Technology Basic Research Joint Fund (U1536204)

Abstract: Virtualization technology, as the foundation of cloud computing, has been widely adopted, but the security problems of virtual machines that come with it have grown increasingly serious. Virtual machine introspection (VMI), an "out-of-the-box" method of monitoring the internal running state of a virtual machine from outside it, offers a new perspective on these problems, but it also introduces large overhead, which has hindered its practical use. This paper proposes a VMI triggering mechanism based on VMFUNC. Using the CPU hardware feature VM-Function together with RDTSC instruction emulation, the mechanism minimizes the VM Exit overhead incurred when it is invoked; using VMFUNC to switch the target virtual machine to an alternate extended page table (EPT) view, it avoids interrupting the virtual machine's execution while the VMI program runs; and by overloading the VMFUNC instruction and the functionality of Xentrace, it implements an efficient triggering and information-passing mechanism that actively triggers the VMI program, eliminating the heavy resource consumption of a permanently resident VMI program. A VMI-as-a-service system was implemented and evaluated experimentally. The results show that the system adds no more than 2% performance overhead, which makes wide deployment of VMI in real cloud environments feasible.

Key words: cloud computing security, virtual machine introspection, VMFUNC, extended page table pointer (EPTP) switching, VMI-as-a-service
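As an added illustration (not code from the paper, from Xen, or from any other project) of the hardware building block the abstract relies on, the following C model follows the Intel SDM semantics of VMFUNC leaf 0 (EPTP switching): a valid EPTP-list index switches the EPT view in guest mode without a VM exit, while an undefined leaf, an out-of-range index or a malformed EPTP causes a VMFUNC VM exit, which is where a hypervisor-side trigger handler could be attached (that attachment point is an assumption made here, not a description of the paper's mechanism). The struct, function names and sample EPTP values are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>

#define EPTP_LIST_ENTRIES 512u           /* one 4 KiB page of 8-byte EPTPs */
#define VMFUNC_CTRL_EPTP_SWITCHING (1ull << 0)
#define EXIT_REASON_VMFUNC 59            /* basic VM-exit reason for VMFUNC */
enum vmfunc_result { VMFUNC_OK, VMFUNC_VMEXIT };

typedef struct {                         /* the few VMCS fields that matter here */
    uint64_t vm_function_controls;       /* bit 0 enables EPTP switching */
    uint64_t eptp_list[EPTP_LIST_ENTRIES]; /* EPTP-list page set up by the VMM */
    uint64_t eptp;                       /* EPT pointer currently in use */
    int last_exit_reason;                /* -1 while no VM exit has occurred */
} vmcs_t;

/* Subset of the CPU's EPTP checks: memory type UC (0) or WB (6), page-walk
 * length field (bits 5:3) == 3 for a 4-level walk, reserved bits 11:7 clear. */
static bool eptp_is_valid(uint64_t eptp)
{
    unsigned memtype = eptp & 0x7, walk_len = (eptp >> 3) & 0x7;
    return (memtype == 0 || memtype == 6) && walk_len == 3 && !(eptp & 0xF80ull);
}

/* VMFUNC model: EAX selects the leaf (only 0, EPTP switching, is defined) and
 * ECX the EPTP-list index. A valid call switches the EPT view in guest mode
 * with no VM exit; anything else traps to the hypervisor with reason 59. */
static enum vmfunc_result vmfunc_exec(vmcs_t *v, uint32_t eax, uint32_t ecx)
{
    v->last_exit_reason = -1;
    if (eax != 0 || !(v->vm_function_controls & VMFUNC_CTRL_EPTP_SWITCHING) ||
        ecx >= EPTP_LIST_ENTRIES || !eptp_is_valid(v->eptp_list[ecx])) {
        v->last_exit_reason = EXIT_REASON_VMFUNC; /* VMM-side handler runs here */
        return VMFUNC_VMEXIT;
    }
    v->eptp = v->eptp_list[ecx];         /* leaf 0 succeeded: view switched */
    return VMFUNC_OK;
}

/* Constructed sample state: entry 0 = normal view, entry 1 = alternate view
 * for the monitor, entry 2 = malformed on purpose (reserved bit 7 set). */
static vmcs_t *demo_vmcs(void)
{
    static vmcs_t v;
    v = (vmcs_t){ .vm_function_controls = VMFUNC_CTRL_EPTP_SWITCHING,
                  .last_exit_reason = -1 };
    v.eptp_list[0] = 0x1000ull | 6 | (3u << 3);        /* WB, 4-level: 0x101E */
    v.eptp_list[1] = 0x2000ull | 6 | (3u << 3);        /* 0x201E */
    v.eptp_list[2] = 0x3000ull | 6 | (3u << 3) | 0x80; /* 0x309E, invalid */
    v.eptp = v.eptp_list[0];
    return &v;
}
```

Switching to entry 1 completes without an exit, while entry 2, index 600 or leaf 1 all land in the VM-exit path with the EPT pointer left unchanged.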

CLC number: