A Virtual Machine Introspection Triggering Mechanism Based on VMFUNC

Liu Weijie; Wang Lina; Tan Cheng; Xu Lai

doi:10.7544/issn1000-1239.2017.20170452

Journal of Computer Research and Development > 2017 > 54(10): 2310-2320. > DOI: 10.7544/issn1000-1239.2017.20170452 CSTR: 32373.14.issn1000-1239.2017.20170452

Liu Weijie, Wang Lina, Tan Cheng, Xu Lai. A Virtual Machine Introspection Triggering Mechanism Based on VMFUNC[J]. Journal of Computer Research and Development, 2017, 54(10): 2310-2320. DOI: 10.7544/issn1000-1239.2017.20170452

Citation:

PDF (3301 KB)

A Virtual Machine Introspection Triggering Mechanism Based on VMFUNC

(Key Laboratory of Aerospace Information Security and Trusted Computing (Wuhan University), Ministry of Education, Wuhan 430072) (School of Computer Science, Wuhan University, Wuhan 430072) (State Key Laboratory of Software Engineering (Wuhan University), Wuhan 430072)

More Information

Published Date: September 30, 2017

Graphical Abstract

Abstract

Abstract

Virtualization technology as the basis of cloud computing has been widely used, while security issues of virtual machine have been attracted more and more attention. The virtual machine introspection, as an “out-of-the-box” method leveraged to monitoring virtual machine, provides a new perspective for solving the security problems. Aiming at this situation, a triggering mechanism based on VMFUNC is proposed. Taking the advantages of the CPU hardware features VM-Function and RDTSC emulation, the mechanism minimizes the overhead of VM exits. Based on the extended page table view switching through the VMFUNC, our mechanism avoids the system pause caused by VMI programs. By means of overloading VMFUNC and Xentrace, our method can trigger VMI programs actively, thus overcoming the VMI program resident consumption. In this paper, a VMI-as-a-service system is implemented and verified by experiments. The results show that the performance cost is no more than 2%, which makes VMI widely being used possible in practical cloud environment.
- cloud computing security,
- virtual machine introspection,
- VMFUNC,
- extended page table pointer (EPTP) switching,
- VMI-as-a-service

FullText(HTML)

References (0)

[1]	Zou Shichen, Wang Huiqiang, Lü Hongwu, Feng Guangsheng, Lin Junyu. Service Substitution Method in Distributed Virtualized Environment Based on Transaction[J]. Journal of Computer Research and Development, 2018, 55(2): 377-390. DOI: 10.7544/issn1000-1239.2018.20160925
[2]	Shi Yuan, Zhang Huanguo, Wu Fusheng. A Method of Constructing the Model of Trusted Virtual Machine Migration[J]. Journal of Computer Research and Development, 2017, 54(10): 2284-2295. DOI: 10.7544/issn1000-1239.2017.20170465
[3]	Zhu Changpeng, Zhao Yinliang, Han Bo, Zeng Qinghua, and Liu Songjia. A VM-centric Approach for Dynamic Layer Binding[J]. Journal of Computer Research and Development, 2014, 51(2): 429-444.
[4]	Chen Hao, Peng Cuifen, Sun Jianhua, and Shi Lin. XenRPC:Design and Implementation of Security VM Remote Procedure Call[J]. Journal of Computer Research and Development, 2012, 49(5): 996-1004.
[5]	Zhang Xiang, Huo Zhigang, Ma Jie, Meng Dan. Fast and Live Whole-System Migration of Virtual Machines[J]. Journal of Computer Research and Development, 2012, 49(3): 661-668.
[6]	Wang Kai, Hou Zifeng. A Relaxed Co-Scheduling Method of Virtual CPUs on Xen Virtual Machines[J]. Journal of Computer Research and Development, 2012, 49(1): 118-127.
[7]	Wang Kai, Hou Zifeng. An Adaptive Scheduling Method of Weight Parameter Adjustment on Virtual Machines[J]. Journal of Computer Research and Development, 2011, 48(11): 2094-2102.
[8]	Wang Lina, Gao Hanjun, Liu Wei, Peng Yang. Detecting and Managing Hidden Process via Hypervisor[J]. Journal of Computer Research and Development, 2011, 48(8): 1534-1541.
[9]	Jin Hai, Zhong Alin, Wu Song, and Shi Xuanhua. Virtual Machine VCPU Scheduling in the Multi-core Environment:Issues and Challenges[J]. Journal of Computer Research and Development, 2011, 48(7): 1216-1224.
[10]	Xu Mingwei, Hu Chunming, Liu Xudong, and Ma Dianfu. Research and Implementation of Web Service Differentiated QoS[J]. Journal of Computer Research and Development, 2005, 42(4): 669-675.