基于VMM层系统调用分析的软件完整性验证
Software Integrity Verification Based on VMM-Level System Call Analysis Technique
-
摘要: 在虚拟化云计算平台中,如何保证其上运行软件的可信性是云平台广泛应用的关键.完整性测量与验证技术是保证软件系统可信性的一种主要方法.然而,现有的软件完整性验证系统大多需要修改操作系统内核,很难为大规模虚拟机环境中的众多异构系统提供一致解决方案,且无法抵御内核级恶意攻击.针对当前方法在兼容性、安全性以及可管理性上存在的问题,设计并实现了一种在VMM层基于系统调用分析技术来验证软件完整性的方法VMGuard.它通过截获客户操作系统中的系统调用来识别软件加载,并基于系统调用关联性分析和虚拟机文件系统元数据重构技术来验证客户操作系统中软件的完整性.在Qemu和KVM两种主流虚拟化平台上实现了VMGuard,并通过实验评测VMGuard的有效性和性能.实验结果表明,VMGuard能够有效验证客户操作系统中软件的完整性,且性能开销在10%以内.Abstract: In virtualized cloud computing platform, the key security problem is to guarantee trustworthiness of the softwares which are running in the platform. Integrity measurement and verification has been proposed and studied by many researchers as an effective way to verify the integrity of computer systems. However, existing approaches have some limitations on compatibility, security and maintainability, and cannot be applied into the cloud computing platform. In this paper, we propose a approach named VMGuard, which leverages VMM to enable take integrity measurement outside the operating system. We adopt VMM-based system call interception technique to detect the execution of binaries. System call correlation and guest OS file system metadata reconstruction are proposed to verify the integrity of software in guest OS. We have developed a prototype of VMGuard and implemented it in two mainstream virtual machine monitors, Qemu and KVM, respectively. We also evaluate the effectiveness and performance overhead of our approach by comprehensive experiments. The results show that VMGuard achieves effective integrity measurement with less than 10% overhead.