期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于VMM层系统调用分析的软件完整性验证 被引量:13

Software Integrity Verification Based on VMM-Level System Call Analysis Technique
下载PDF
导出
摘要 在虚拟化云计算平台中,如何保证其上运行软件的可信性是云平台广泛应用的关键.完整性测量与验证技术是保证软件系统可信性的一种主要方法.然而,现有的软件完整性验证系统大多需要修改操作系统内核,很难为大规模虚拟机环境中的众多异构系统提供一致解决方案,且无法抵御内核级恶意攻击.针对当前方法在兼容性、安全性以及可管理性上存在的问题,设计并实现了一种在VMM层基于系统调用分析技术来验证软件完整性的方法VMGuard.它通过截获客户操作系统中的系统调用来识别软件加载,并基于系统调用关联性分析和虚拟机文件系统元数据重构技术来验证客户操作系统中软件的完整性.在Qemu和KVM两种主流虚拟化平台上实现了VMGuard,并通过实验评测VMGuard的有效性和性能.实验结果表明,VMGuard能够有效验证客户操作系统中软件的完整性,且性能开销在10%以内. Abstract In virtualized cloud computing platform, the key security problem is to guarantee trustworthiness of the softwares which are running in the platform. Integrity measurement and verification has been proposed and studied by many researchers as an effective way to verify the integrity of computer systems. However, existing approaches have some limitations on compatibility, security and maintainability, and cannot be applied into the cloud computing platform. In this paper, we propose a approach named VMGuard, which leverages VMM to enable take integrity measurement outside the operating system. We adopt VMM-based system call interception technique to detect the execution of binaries. System call correlation and guest OS file system metadata reconstruction are proposed to verify the integrity of software in guest OS. We have developed a prototype of VMGuard and implemented it in two mainstream virtual machine monitors, Qemu and KVM, respectively. We also evaluate the effectiveness and performance overhead of our approach by comprehensive experiments. The results show that VMGuard achieves effective integrity measurement with less than 10% overhead.
作者 李博 李建欣 胡春明 沃天宇 怀进鹏
机构地区 北京航空航天大学计算机学院
出处 《计算机研究与发展》 EI CSCD 北大核心 2011年第8期1438-1446,共9页 Journal of Computer Research and Development
基金 国家自然科学基金项目(91018004 60903149) 国家"九七三"重点基础研究发展计划项目(2011CB302600) 北京航空航天大学科技领航基金项目(YWF-11-02-010)
关键词 云计算 虚拟化 完整性验证 系统调用分析 软件加载 cloud computing virtualization integrity verification system call analysis softwareloading
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献18

  • 1Sailer R, Zhang X, Jaeger T, et al. Design and implementation of a TCG based integrity measurement architecture [C] //Proc of the 13th USENIX Security Symposium. Berkeley: USENIX, 2004: 223-238.
  • 2Jaeger T, Sailer R, Shankar U. Prima: Policy-reduced integrity measurement architecture [C] //Proc of the 2007 ACM workshop on Scalable trusted computing. New York: ACM, 2006:19-28.
  • 3Kim G, Spafford E. The design and implementation of tripwire: A file system integrity checker [C] //Proc of the 2nd ACM Conf on Computer and Communications Security. New York.. ACM, 1994:18-29.
  • 4Garfinkel T, Rosenblum M. A virtual machine introspection based architecture for intrusion detection [C] // Proc of the 10th Annual Network and Distributed System Security Symp. Washington DC: ISOC, 2003 : 191-200.
  • 5Jones S T, Arpaci-Dusseau A C, Arpaci Dusseau R H. Antfarm: Tracking processes in a virtual machine environment [C]//Proc of the USENIX Annual Technical Conf. Berkeley: USENIX, 2006:1-14.
  • 6Kivity A. KVM A full virtualization solution for Linux on x86 hardware [OL]. [2011-05 07]. http://www. |inux-kvm. org.
  • 7Bellard F. Qemu--A fast processor emulator using a portable dynamic translator [OL]. [2011-5-10]. http://www, qemu. org.
  • 8Dinaburg, Royal P, Sharif M I, et al. Ether: Malware analysis via hardware virtualization extensions [C] //Proc of ACM Conf on Computer and Communications Security. New York: ACM, 2008: 51-62.
  • 9Petroni N L, Jr. , Fraser T, Molina J, et al. Copilot A coprocessor-based kernel runtime integrity monitor [C] // Proc of the 13th USENIX Security Symposium, Berkeley: USENIX, 2004:179-194.
  • 10Dunlap G W, King S T, Cinar S, et al. ReVirt: Enabling intrusion analysis through virtual-machine logging and replay [C] //Proc of the 5th Syrup on Operating Systems Design and Implementation. New York: ACM, 2002:211-224.

二级参考文献18

  • 1李庆华,赵峰.一种面向容侵系统的并行错误检测方法——PBL方法[J].计算机研究与发展,2006,43(8):1411-1416. 被引量:3
  • 2Verissimo P, Neves N F, Correia M. Intrusion tolerant architectures: Concepts and design, DI/FCUL TR03-5 [R]. Springfield: University of Lisboa, 2003.
  • 3Jaeger T, Sailer R, Sreenivasan Y. Managing the risk of covert information flows in virtual machine systems [C]// Proc of the 12th ACM Syrup on Access Control Models and Technologies. New York: ACM, 2007:81-90.
  • 4Asrigo K, Litty L, Lie D. Using VMM-based sensors to monitor honeypots [C] //Proc of the 2nd Int Conf on Virtual Execution Environments. New York: ACM, 2006:13-23.
  • 5Matthews J N, Herne J J, Deshane T M, et al. Data protection and rapid recovery from attack with a virtual private file server and virtual machine appliances [C] //Proc of the 2nd IASTED Int Conf on Communication, Network and Information Security. Phoenix: ACTA, 2005:170-181.
  • 6Nagarajan A B, Mueller F, Engelmann C, et al. Proactive fault tolerance for HPC with xen virtualization [C]//Proc of the 21st Annual Int Conf on Supercomputing. New York: ACM, 2007:23-32.
  • 7Reiser H P, Kapitza R. VM-FIT: Supporting intrusion tolerance with virtualisation technology[C] //Proc of the 1st Workshop on Recent Advances on Intrusion-Tolerant Systems. New York: ACM, 2007:18-22.
  • 8Sun Wenchun, Chen Yiming. VMITN: A novel intrusion tolerance arehitecture for treating the rapid propagation of malicious programs [C] //Proc of the Int Computer Syrup. Piseataway, NJ: IEEE, 2006.
  • 9Nguyen A, Takefuji Y. A novel approach for a file-system integrity monitor tool of xen virtual machine [C] //Proc of the 2nd ACM Syrup on Information, Computer and Communications Security. New York: ACM, 2007 : 194-202.
  • 10Nguyen A, Takefuji Y. A real-time integrity monitor for xen virtual machine [C] //Proc of The IEEE Int Conf on Networking and Services. Piscataway, NJ: IEEE, 2006: 90- 98.

共引文献2

同被引文献173

  • 1刘旭恒,吴秀龙,刘新宁,康军.基于VMM的外部存储接口模块的验证平台搭建[J].电子技术(上海),2010(9):61-62. 被引量:1
  • 2张谦,贺也平,孟策.解决度量-验证时间差的一种差值证明方法[J].通信学报,2009,30(S1):43-50. 被引量:2
  • 3张焕国,罗捷,金刚,朱智强,余发江,严飞.可信计算研究进展[J].武汉大学学报(理学版),2006,52(5):513-518. 被引量:114
  • 4任江春,王志英,戴葵.一种新的进程可信保护方法[J].武汉大学学报(理学版),2006,52(5):532-536. 被引量:3
  • 5Lu Jianping, Guo Yudong, Wang Xiaorui, et al. Based on collaborative VMM virtual machine execution environment dynamic allocation model of computer application,2012,32(3):831-834.
  • 6Yi Qiuping,Liu Jian,martial arts. The access verified protection security VMM formal prototype system is designed and realized. Computer science,2010,37( 12): 85-90.
  • 7Zhang Jisheng, Chen Xianglan, Zhou Xuehal. VMM Guest OS process management tool design and Realization of the computer application and software, 2010,27(9): 163 - 165.
  • 8张焕国,赵波.可信计算[M].武汉:武汉大学出版社,2011:33-35.
  • 9Tal G,Mendel R. A virtual machine introspection based architecture for intrusion detection[J]. Network and distributed system security, 2003:191-206.
  • 10Fabrizio B, Daniele S. Building trust worthy intrusion detection through VMIntrospection[J]. International Accounting Standards, 2007,21 (6) :209-214.

引证文献13

二级引证文献54

计算机研究与发展
2011年 第8期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部