Research And Implementation Of Virtual Machine Monitor Based On Ardware-Assited Virtualization

Along with the rapid growth of Internet data information and virtualization technologies gradually mature, more and more computing systems and service programs are deployed in virtual environment. Based on the efficient dynamic and extensibility, virtualization technology is effectively supporting the massive Internet business. Virtualization is providing unlimited convenience but also increases the risk of the information attacked by malicious software, so it is very important to study the virtualization security monitor. As open source virtual machine, Xen has great research value in the field of virtualization and received the widespread attention because of its good performance. Hardware-assisted virtualization technology guarantees the transparency of the security monitor system because of its high privilege level advantage.In this paper, a small virtual machine monitor system named XMonitor is built in the Xen platform using hardware-assisted virtualization Intel VT-x and extended page tables technology. In order to comprehensively protect the safety of the virtual machine, the monitor system deployed in the external of target virtual machine can monitor internal processes, kernel modules and other important information actively. The system realizes the monitor from three function modules, which respectively are:process monitor, the kernel loadable module monitor, file monitor. The system registers memory write event, register event and step debugging event using the interfaces provided by Xen in the inside of the virtual machine. It intercepts the events through the event trigger mechanism, and then obtains the target virtual machine memory, CPU resources, after semantic reconstruction analyzes the details of virtual machine process (including hidden process, and abnormal system calls), the kernel loadable module, file in detail.This paper realizes a virtual machine monitor system XMonitor based on hardware-assisted virtualization. The system includes three functions mentioned above, to protect the safety of the virtual machine. In order to verify the system effectiveness, functional test each module, and analyze the whole system influence on the performance of the virtual machine, the results show that the implementation of monitor system is feasible in the field of virtual machine monitor.