Research And Implementation Of Virtual Machine Security Monitoring Technology In Cloud

With the rapid development of information technology, cloud computing technology has been widely used. Cloud computing is a computing mode based on the Internet, and provides software resources and hardware resources to user on demand with scalability, dynamic, cheapness, reliability, generality, real-time, etc. When the concept of cloud computing is becoming more and more mature, it constantly encounters all kinds of challenges, and the security issue is very important. Therefore, the research is of great significance for security monitoring in cloud computing environment.Cloud computing contains many key technologies, such as virtualization technology, distributed computing, distributed database, etc. The virtualization technology is the core technology of cloud computing service, because it can provide cloud computing service through virtualizing hardware resources of cloud computing infrastructure platform. Xen is one of the most popular virtualization platform. It is a virtualization product with open source, stable performance and occupying less resource. Therefore, monitoring the virtual machine on Xen has important value.From the point of view of information security, cloud computing needs to establish a strict protection system for identifying and intercepting the invasion and attack of malicious software. Rootkit is a special malicious software and a serious threat to cloud computing. Rootkit can obtain the permission of super user and control the target operating system. It hides not only itself but also process, file, module, network connection, etc. Therefore, detecting the existence of hidden information plays an important role in improving the computer security.For the virtual machine security issue in cloud computing environment, this paper presents a virtual machine security monitoring technology (SMT) based on Xen. SMT resides in the host machine and uses the virtual machine introspection mechanism to capture the kernel information of the monitored virtual machine. SMT does not need to install any codes inside the monitored virtual machine. So it can better avoid the attacks from the malicious software and improve the security of the computer system. At the same time, the system architecture of SMT is implemented by separating the front end and the back end. SMT can be easily extended to other virtualization platforms and operating systems. Hence, the portability of SMT has been enhanced. The experimental results show that SMT can quickly and accurately obtain the kernel information of the monitored virtual machine and detect the existence of the hidden kernel information.