Information Transfer Model of Virtual Machine Based on Storage Covert Channel

Information Transfer Model of Virtual Machine Based on Storage Covert Channel

导出

摘要 Aiming at the problem that virtual machine information cannot be extracted incompletely, we extend the typical information extraction model of virtual machine and propose a perception mechanism in virtualization system based on storage covert channel to overcome the affection of the semantic gap. Taking advantage of undetectability of the covert channel, a secure channel is established between Guest and virtual machine monitor to pass data directly. The Guest machine can pass the control information of malicious process to virtual machine monitor by using the VMCALL instruction and shared memory. By parsing critical information in process control structure, virtual machine monitor can terminate the malicious processes. The test results show that the proposed mechanism can clear the user-level malicious programs in the virtual machine effectively and covertly. Meanwhile, its performance overhead is about the same as that of other mainstream monitoring mode. Aiming at the problem that virtual machine information cannot be extracted incompletely, we extend the typical information extraction model of virtual machine and propose a perception mechanism in virtualization system based on storage covert channel to overcome the affection of the semantic gap. Taking advantage of undetectability of the covert channel, a secure channel is established between Guest and virtual machine monitor to pass data directly. The Guest machine can pass the control information of malicious process to virtual machine monitor by using the VMCALL instruction and shared memory. By parsing critical information in process control structure, virtual machine monitor can terminate the malicious processes. The test results show that the proposed mechanism can clear the user-level malicious programs in the virtual machine effectively and covertly. Meanwhile, its performance overhead is about the same as that of other mainstream monitoring mode.

作者 WANG Xiaorui WANG Qingxian GUO Yudong LU Jianping

机构地区 Fourth Department State Key Laboratory of Mathematical Engineering and Advanced Computing Department of Communication Command

出处《Wuhan University Journal of Natural Sciences》 CAS 2013年第5期377-384,共8页 武汉大学学报（自然科学英文版）

基金 Supported by the National High Technology Research and Development Program of China (863 Program) (2009AA012200) Henan Province Science and Technology Funding Projects ( SP09JH11158)

关键词 VIRTUALIZATION safety protection information extraction of virtual machine covert channel process control structure virtualization safety protection information extraction of virtual machine covert channel process control structure

分类号 TN91 [电子电信—通信与信息系统]

引文网络
相关文献

参考文献19

1Brickell E F, Hall C D, Cihula J F, et al. Method of improv- ing computer security through sandboxing [P]. US: 7908653, 2011-03-15.
2Ashok R K, Jemiolo D E, Kaplinger T E, et al. Secure ac- cess to a virtual machine [P]. US: 13/420, 102, 2012-03-14.
3Tupakula U, Varadharajan V, Bichhawat A. Security archi- tecture for virtual machines [C]//Proc 1 lth Algorithms and architectures for parallel processing. Berlin, Heidelberg: Springer-Verlag, 2011 : 218-229.
4Garber L. The challenges of securing the virtualized envi- ronment [J]. Computer, 2012, 45(1): 17-20.
5Haeberlen A, Aditya P, Rodrigues R, et al. Accountable virtual machines [C]//Proc 9th USENIX Operating systems design and implementation. New York: USENIX Associa- tion, 2010: 58-74.
6Kunk A, Bohman P, Shaw E. VMM based rootkit detection on Android[EB/OL]. [2011-05-10]. http://cs523-sp2011-bjks. googlecode.com/files/cs5 23 final_report.pdf.
7刘谦,王观海,翁楚良,骆源,李明禄.A Mandatory Access Control Framework in Virtual Machine System with Respect to Multi-level Security Ⅱ:Implementation[J].China Communications,2011,8(2):86-94. 被引量：5
8Borghei E, Azmi R, Ghahremanian A, et al. Virtual machine based security architecture [C]//Proe World Congress on In- ternet Security. London: IEEE Press, 2011 : 210- 215.
9Nan Z. Virtualization safety problem analysis [C]//Proc 3rd Communication Software and Networks. Xi'an: IEEE Press, 2011: 195-197.
10Semnanian A A, Pham J, Englert B, et al. Virtualization technology and its impact on computer hardware architec- ture [C]//Proc Eighth International Conference on Informa- tion Technology: New Generations. Las Vegas: IEEE Press, 2011: 719-724.

二级参考文献8

1刘谦,王观海,翁楚良,骆源,李明禄.一种虚拟机系统中关于多级安全的强制访问控制框架Ⅰ:理论(英文)[J]中国通信,2010(04).
2LITTY L,LIE D.Manitou: A LayerBelow Approach to Fighting Malware. Proceedings of the 1st Workshop on Architectural and System Support for Improving Software Dependability . 2006
3HIRANO M,SHINAGAWA T,EIRAKU H, et al.Introducing Role-Based Access Control to a Secure Virtual Machine Monitor: Security Policy Enforcement Mechanism for Distributed Computers. Proceedings of IEEE Asia-Pacific Services Computing Conference . 2008
4COKER G.Xen Security Modules (XSM). http://www.xen.org/fi les/xensummit_4/xsm- summit-041707_Coker.pdf . 2010
5Dunlap G W,King S T,Sukru C et al.ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay. Proceedings of the Symposium on Operating Systems Design and Implementation (OSDI’02) . 2002
6Reiner Sailer,Trent Jaeger,Enriquillo Valdez,Ramon Caceres,Ronald Perez,Stefan Berger,John Linwood Griffin,Leendert van Doorn.Building a mac-based securityarchitecture for the xen open-source hypervisor. Proceedings of the 2005 Annual Computer Security Applications Conference . 2005
7Barham P,Dragovic B,Fraser K,et al.Xen and the Art of Virtualization. Proceedings of the 19th ACM Symposium on Operating Systems Principles . 2003
8McLean J.The specification and modeling of computer security. Computer . 1990

共引文献4

1王晓睿,王清贤,郭玉东,卢建平.虚拟化系统中的攻击与防护模型研究[J].武汉大学学报（理学版）,2013,59(5):416-424. 被引量：2
2梁彪,秦中元,沈日胜,陈琦,吕游,强勇,郭爱文.一种虚拟机访问控制安全模型[J].计算机应用研究,2014,31(1):231-235. 被引量：4
3邵国林,陈兴蜀,尹学渊,张峰伟.基于OpenFlow的虚拟机流量检测系统的设计与实现[J].计算机应用,2014,34(4):1034-1037. 被引量：7
4于红岩,岑凯伦,杨腾霄.云计算平台异常行为检测系统的设计与实现[J].计算机应用,2015,35(5):1284-1289. 被引量：9

1Xiaofeng TAO,Yan HAN,Xiaodong XU,Ping ZHANG,Victor C.M.LEUNG.Recent advances and future challenges for mobile network virtualization[J].Science China(Information Sciences),2017,60(4):1-12. 被引量：3
2顾彬.云计算数据中心的测试[J].电信网技术,2012(8):82-85.
3王丹.Decoding of uplink control information encoded with placeholders in long term evolution[J].Journal of Chongqing University,2011,10(3):133-138.
4ZHANG Chen.Malicious Base Station and Detecting Malicious Base Station Signal[J].China Communications,2014,11(8):59-64. 被引量：2
5Zero dB加入康宁TAP“整体接入网计划”[J].计算机网络世界,2005,14(10):55-55.
6Emma Rodero.The Perception of a Broadcasting Voice[J].US-China Education Review(A),2013,3(4):225-230.
7王际兵,赵明,周世东,姚彦.Virtualization of Wireless Communication Systems and Its Maximal Ratio Combining Macrodiversity To Extend CDMA Capacity[J].Tsinghua Science and Technology,2001,6(1):45-48.
8Yuehua DAI Yi SHI Yong QI Jianbao REN Peijian WANG.Design and verification of a lightweight reliable virtual machine monitor for a many-core architecture[J].Frontiers of Computer Science,2013,7(1):34-43. 被引量：4
9Deng Zongyuan,Shao Xi,Yang Zhen,Zheng Baoyu.A NOVEL COVERT SPEECH COMMUNICATION SYSTEM AND ITS IMPLEMENTATION[J].Journal of Electronics(China),2008,25(6):737-745.
10陈端.SDN——网络演进的新方向[J].电信网技术,2013(3):19-22. 被引量：1

Wuhan University Journal of Natural Sciences

2013年第5期

浏览历史

内容加载中请稍等...

Information Transfer Model of Virtual Machine Based on Storage Covert Channel

参考文献19

二级参考文献8

共引文献4

相关作者

相关机构

相关主题

浏览历史