
    Critical Memory Data Access Monitor Based on Dynamic Strategy Learning

    • Abstract: In system monitoring based on a virtual machine monitor (VMM), critical memory access events and critical instruction execution usually have to be intercepted in order to monitor fine-grained memory access behavior. However, intercepting memory accesses with the VMM causes CPU control to trap into the VMM frequently, which incurs a large performance overhead. To address this, existing work modifies the kernel source code at compile time or modifies the kernel binary directly, redirecting safety-critical data to a separate region to reduce the frequency of traps into the VMM. These approaches must modify the monitored system itself, and the monitored regions cannot be changed while the system is running, which greatly limits their application scenarios and makes them inflexible. To solve these problems, we propose DynMon, an approach that dynamically adjusts at runtime which safety-critical memory data is monitored; it is transparent to the monitored system and requires no modification of it. First, by collecting and analyzing historical data, DynMon automatically learns the relationship between system runtime states and safety-critical data access behavior, and uses it as the basis for the safety-critical data monitoring strategy. Then it monitors the system runtime state in real time and, according to the monitoring strategy, dynamically adjusts the memory regions whose accesses are monitored, reducing the performance overhead of unnecessary monitoring. Experimental results show that, compared with an approach without a dynamic monitoring strategy, DynMon reduces the additional performance overhead by 22.23%, and that enlarging the scale of monitored memory does not increase the system's performance overhead excessively.

       
