Research Of A Trusted Monitoring Framework For Cloud Platforms

Posted on: 2014-08-19
Degree: Master
Type: Thesis
Country: China
Candidate: W R Zhang
GTID: 2268330422963442
Subject: Computer software and theory

Abstract/Summary:
Cloud computing environments usually provide functionality for monitoring virtual machines (VMs) to obtain the running state and resource usage of each VM. However, existing monitoring mechanisms either perform only coarse-grained monitoring of the VM or work only with VMs of a specific type, so they cannot detect malicious behavior inside the VM and cannot support runtime environments in which a variety of VMs coexist. As the management domain (Dom0) grows in size, traditional monitoring mechanisms that rely on a safe and reliable Dom0 cannot guarantee the authenticity of the monitoring information; it is therefore necessary to exclude Dom0 from the trusted base in order to ensure the credibility of cloud services.

Based on the idea of privilege separation, a trusted monitoring framework for cloud platforms (TMF) is proposed to solve the distrust problem between cloud users and cloud service providers by excluding Dom0 from the trusted base. Trusted booting and memory protection technologies are used to protect DomM in two respects: startup integrity and runtime integrity. System call interception and semantic reconstruction technologies provide general, fine-grained monitoring of Guest-VMs, yielding monitoring information about the VM such as processes, network connections, and file operations. Moreover, privilege management operation interception and management operation parsing technologies are used to monitor the management operations performed on Guest-VMs in Dom0. Finally, by deploying monitoring tools in DomM, which is integrity-protected and trusted, users can obtain the real running state and resource usage of VMs.

Experimental results show that: (1) TMF can not only perform security monitoring on VMs of different OS types, but also intercept the management operations on Guest-VMs in Dom0; (2) the I/O performance loss of TMF can be kept within 10% in most cases, and the CPU performance loss can be kept within 20% for applications that perform system calls frequently.
Keywords/Search Tags:Virtual Machine Monitoring, Monitoring Domain, Virtualization Technology, Trusted Computing, Security Monitoring