
    XenRPC: Design and Implementation of a Secure Virtual Machine Remote Procedure Call

    XenRPC:Design and Implementation of Security VM Remote Procedure Call

    • Abstract: Operating systems that communicate with each other in a virtual machine environment actually reside on the same physical machine, yet current remote procedure call mechanisms do not take this virtualized environment into account. To address this problem, a virtual machine remote procedure call system, XenRPC, was designed and implemented for the Xen virtual environment. XenRPC uses the interfaces provided by XenAccess and the event channel mechanism provided by Xen to perform remote procedure calls over inter-domain shared memory. This avoids the marshalling operations performed when data packets are sent, triggers an immediate context switch, and notifies events asynchronously between domains through event channels, which considerably improves communication performance. In addition, to prevent stack overflow attacks, XenRPC strengthens the protection of the shared memory and checks the return address on the shared stack; if the return address has been modified by a malicious program, the return address is restored, protecting users from stack overflow attacks. Experimental results show that XenRPC outperforms SunRPC and Ice, two typical remote procedure call mechanisms, in throughput, transmission latency and CPU overhead.

       

      Abstract: In a virtual machine environment, VMs often need to communicate with each other, yet the VMs actually reside on the same physical machine. Existing remote procedure call mechanisms are not suited to the virtual machine environment. In this paper, a Xen-specific remote procedure call mechanism named XenRPC is presented. XenRPC uses the interfaces provided by XenAccess and the event channel mechanism provided by Xen to share memory between the two communicating processes. XenRPC removes the marshalling performed when data packets are sent, triggers an immediate context switch, and notifies events asynchronously through the event channel, greatly enhancing communication performance. In addition, to avoid stack overflow attacks, XenRPC protects the shared memory and checks the return address on the shared stack. If the return address has been modified by a malicious program, XenRPC recovers the return address to protect users from stack overflow attacks. Performance evaluations show that the throughput, latency and CPU consumption of XenRPC are better than those of SunRPC and Ice, two well-known remote procedure call mechanisms.
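The shared-stack return-address check described in the abstract, modelled as an added C example that is not the paper's code: the shared stack is a buffer both domains can write, the caller keeps its own copy of the expected return address in private memory, and on return a mismatch is repaired rather than followed. The type and function names (`shared_stack_t`, `xenrpc_push_call`, `xenrpc_check_return`, `xenrpc_demo`) and the sample addresses are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical model (not the paper's code) of XenRPC's shared-stack
 * return-address check. The shared stack is a region both domains can
 * write; the caller's copy of the expected return address is private. */
#define SHARED_STACK_WORDS 16

typedef struct {
    uintptr_t words[SHARED_STACK_WORDS]; /* inter-domain shared memory */
    size_t sp;                           /* index of next free slot */
} shared_stack_t;

typedef struct {
    uintptr_t expected_ret; /* kept in the caller's private memory */
    size_t ret_slot;        /* index of the return-address slot in the shared stack */
} call_record_t;

/* Push a call frame (arguments, then return address) onto the shared stack
 * and record where the return address went and what it should be. */
static call_record_t xenrpc_push_call(shared_stack_t *st, const uintptr_t *args, size_t nargs, uintptr_t ret_addr)
{
    call_record_t rec;
    for (size_t i = 0; i < nargs; i++)
        st->words[st->sp++] = args[i];
    rec.ret_slot = st->sp;
    rec.expected_ret = ret_addr;
    st->words[st->sp++] = ret_addr;
    return rec;
}

/* On return, compare the shared slot with the private copy; a mismatch means the
 * peer domain modified it, so restore the original. Returns 1 if repaired, 0 if intact. */
static int xenrpc_check_return(shared_stack_t *st, const call_record_t *rec)
{
    if (st->words[rec->ret_slot] == rec->expected_ret)
        return 0;
    st->words[rec->ret_slot] = rec->expected_ret;
    return 1;
}

/* Constructed scenario: the peer domain overwrites the return slot when `tamper`
 * is nonzero. Returns the check result, or -1 if the slot is still wrong afterwards. */
static int xenrpc_demo(int tamper)
{
    shared_stack_t st = { {0}, 0 };
    uintptr_t args[2] = { 42, 7 };                       /* constructed call arguments */
    call_record_t rec = xenrpc_push_call(&st, args, 2, (uintptr_t)0x4000);
    if (tamper)
        st.words[rec.ret_slot] = (uintptr_t)0x41414141;  /* constructed bogus address */
    int restored = xenrpc_check_return(&st, &rec);
    return st.words[rec.ret_slot] == (uintptr_t)0x4000 ? restored : -1;
}
```

The check only detects modification of the return slot itself; arguments left in the shared region remain writable by the peer and still need validation by the callee.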

       
