ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2017, Vol. 54 ›› Issue (10): 2310-2320.doi: 10.7544/issn1000-1239.2017.20170452

Previous Articles     Next Articles

A Virtual Machine Introspection Triggering Mechanism Based on VMFUNC

Liu Weijie, Wang Lina, Tan Cheng, Xu Lai   

  1. (Key Laboratory of Aerospace Information Security and Trusted Computing (Wuhan University), Ministry of Education, Wuhan 430072) (School of Computer Science, Wuhan University, Wuhan 430072) (State Key Laboratory of Software Engineering (Wuhan University), Wuhan 430072)
  • Online:2017-10-01

Abstract: Virtualization technology as the basis of cloud computing has been widely used, while security issues of virtual machine have been attracted more and more attention. The virtual machine introspection, as an “out-of-the-box” method leveraged to monitoring virtual machine, provides a new perspective for solving the security problems. Aiming at this situation, a triggering mechanism based on VMFUNC is proposed. Taking the advantages of the CPU hardware features VM-Function and RDTSC emulation, the mechanism minimizes the overhead of VM exits. Based on the extended page table view switching through the VMFUNC, our mechanism avoids the system pause caused by VMI programs. By means of overloading VMFUNC and Xentrace, our method can trigger VMI programs actively, thus overcoming the VMI program resident consumption. In this paper, a VMI-as-a-service system is implemented and verified by experiments. The results show that the performance cost is no more than 2%, which makes VMI widely being used possible in practical cloud environment.

Key words: cloud computing security, virtual machine introspection, VMFUNC, extended page table pointer (EPTP) switching, VMI-as-a-service

CLC Number: