With the wide spread of networks, especially 'cloud computing', systems are facing more attacks by malware. In addition, virtual machines have been widely deployed in the 'cloud computing' environment, which makes the security of virtual machine systems more important. Security threats are moving deeper into the system kernel and becoming harder to detect. In response to this situation, this article studies how to monitor different virtual machines on the same physical machine in a virtualized environment, making use of the resource sharing and isolation provided by the virtualization system. We propose a security monitoring method based on virtual machines that meets the need for monitoring that is both deep and secure. Based on this method, we implement a security monitoring system on the open source virtualization system Xen, in which a privileged VM can monitor many other VMs on the same physical machine. During the design and implementation of the system, we make a trade-off between detection performance and detection efficiency, and propose a series of solutions to make the whole system flexible and customizable. The subsequent detection experiments show that this system performs well at detecting rootkits lurking in system kernels, and the performance experiments show that the monitoring system has a high detection rate and detection efficiency. This virtual-machine-based monitoring can improve the security of guest virtual machines as well as of the whole virtualization system.