
Strong System Log Security Based On Virtual Machine

Posted on: 2009-12-20
Degree: Master
Type: Thesis
Country: China
Candidate: D Gao
GTID: 2178360245965721
Subject: Computer application technology

Abstract/Summary:
As people depend more and more on computer networks, network security is becoming dramatically more important. A computer system's log data may hold important information about the state of the system and the network. Once an attacker successfully penetrates a protected system, he or she invariably modifies the log data or, even worse, deletes it, in order to evade tracing, auditing and evidence collection by administrators and professionals. The security of system log data is therefore directly related to the security of the computer system.

To avoid such a disaster, it is common and best practice to keep log data on another machine by forwarding it to a central log server. There are existing approaches to securing log data. Unfortunately, they all have unpleasant flaws: either a large amount of hardware resources is wasted, or the log data can be secretly sniffed.

Recently, the Virtual Machine Monitor (VMM) has become a hot topic in academia and research, and the VMM is increasingly being applied in the security area. To resolve the problems mentioned above, this research explores the implementation of a VMM-based real-time copy of log data. The virtual machine monitor virtualizes the hardware interface and can be used to run multiple operating system instances on a single instance of hardware. All log data can be sent to the central log server through memory shared among instances, so no data at all needs to pass through the network stack, and none of the components, including the data source, the data target and even the data traffic, needs to be exposed to the network stack. This solution is able to secure the log data and save a large amount of hardware resources.

Our main research work has three aspects:

1. First, this paper analyzes in depth the development status, practical applications and classification of virtual machine techniques. Second, it describes Linux logging and syslog technology in detail. It then introduces the characteristics and configuration of Xen and the principles of communication among instances on the Xen virtual machine. Finally, it presents the design of a VMM-based real-time log data copy architecture, together with all the system modules and the implementation of their functions.
2. This paper analyzes the basic principles of communication among instances on the Xen virtual machine, introduces the Xen virtual machine architecture in detail, and successfully implements the real-time log data copy architecture on the Xen virtual machine.
3. The validity of the architecture is demonstrated through system testing. Although the architecture affects system hardware resources to some extent, it is more secure, effective and reliable. Moreover, in terms of system resource occupancy rate, the architecture is shown to be far superior to a normal computing environment.

In addition, this paper studies daemon technology under Linux in depth, and ensures that log data is gathered and transmitted with high real-time performance.

In short, this paper describes a proposal to increase the security of system log data using a virtual machine monitor. The basic principle is to transmit log data through memory shared among different instances running on the Xen virtual machine, and to use the virtual machine monitor interface to ensure that the transmission of system log data is highly real-time and synchronized. Experimental results show that this approach is reasonable and will contribute to improving the security of log data backup.
Keywords/Search Tags:network security, virtual machine monitor, system log, real-time copy