| Recently,virtualization technology,as the basis of Cloud Computing,has been widely deployed.Meanwhile,the security of virtual machines has been receiving more and more attentions.Among various potential solutions,Virtual Machine Introspection(VMI),as a method of monitoring virtual machines from the outside,is a novel one that addressing security concerns of virtual machines,which leverages the isolation provided by Virtual Machine Monitor as well as the new abstract level between hardware and virtualized operating system and hence has a comprehensive understanding to the internal states of virtual machines.This paper exposes the demerits of current VMI technology leveraged in large-scale virtual machine security monitoring by studying and analyzing the mainstream VMI inplementations in the cloud environment.The existing VMI applications have high resource consumption,which can not be adopted well to the cloud environment.In this paper,a VMI triggering mechanism based on CPU hardware is proposed.This paper demonstrates that this mechanism has the following advantages:1.triggering the VMI program by VMFUNC initiatively decreases the resource consumption that previous VMI applications have caused;2.switching extended page tables by VMFUNC to avoid that the VMI program to impede the normal operations of Virtual Machine(VM),which improves the efficiency of VM execution.Based on this mechanism,this paper designs and implements the VMI-as-a-service system.We integrate the VMFUNC sensing module,VMI triggering module and VMI startup module and detail the function and work flow of them.The experimental results of the prototype system show that the performance of VMI-as-a-service system proposed in this paper obviously beats the existing VMI system,which is in accordance with the expectation of theoretical analysis.This is a powerful solution to the security monitoring plight of the large-scale virtual machine in the cloud computing environment and provides new ideas for the model of VMI. |
PDF Full Text Request