Design and Implementation of VMM-Based Virtual Machine Recovery System

Posted on: 2015-03-04
Degree: Master
Type: Thesis
Country: China
Candidate: S D Chen
GTID: 2298330467462195
Subject: Computer Science and Technology

Abstract/Summary:
In recent years, malicious processes have posed serious threats to computer security, and malware is armed with stealthy techniques to detect and subvert the malware detection facilities of the victim. Traditional host-based detection tools execute inside the very host they are protecting, which makes it easy for them to get an internal view of the protected OS, but also leaves them vulnerable to being deceived and subverted.

A virtual machine monitor (VMM) based virtual machine recovery system is designed and implemented in this paper. The system is placed outside the protected virtual machine, uses the virtual machine introspection mechanism to inspect the low-level state of the protected virtual machine, and then reconstructs the guest OS data structures with the guest view casting technique. Based on view comparison detection, the system identifies missing critical processes, target hidden processes, and the integrity of the system calls. Using this information, the system can recover the guest OS accordingly. The system is applied in an Internet of Things setting and is used to ensure the high reliability and high availability of the sub-station.

Traditional host-based detection systems are vulnerable to deception and subversion; this system is designed to address this limitation and improve the effectiveness and accuracy of detection. The VMM offers multiple operating system execution environments and ensures that they are isolated from each other. The high privilege of the VMM provides an outside view of the guest OS, so we can inspect the guest OS from the host OS. Moreover, we can restart or restore the guest OS if we detect a malware process.

This paper introduces the requirement analysis of the virtual machine recovery system. It then gives a brief illustration of the architecture of the system and explains the details of the design and implementation of every module. In addition, this paper solves the problem of the semantic gap and introduces the techniques used in the detection of hidden processes, system call integrity, and recovery policies. After that, several test cases in an Internet of Things setting are used to test the functionality of the prototype system. Finally, this paper summarizes the research work and puts forward the future research direction.
Keywords/Search Tags: VMI, hidden process detection, recovery system, semantic gap