一种基于虚拟机自省的安全检测框架

Security Detection Framework Based on Virtual Machine Introspection

虚拟机自省技术(Virtual Machine Introspection,VMI)允许一台虚拟机(Virtual Machine)中的进程查看另一台虚拟机的运行状态,系统原型称为Livewire,是基于虚拟机自省的主机入侵检测系统。虚拟机自省技术所能查看的运行状态涵盖对内存的整体读写访问、对处理器寄存器的读访问、虚拟机的一些元数据等,同时还可以查看在特定状态下的流出及流入虚拟机的参数,其中包括网络流量(Network Traffic)及硬盘存储等。

The technology of virtual machine introspection allows a process in one virtual machine to view the runtime state of another virtual machine.The system prototype is called Livewire,which is a host intrusion detection system based on virtual machine introspection.The running state of the virtual machine introspection can check to cover some of the whole metadata of memory read and write access to the processor registers,read access,virtual machine,but you can see the outflow under a certain status and parameters into the virtual machine,including network traffic and hard disk storage etc..