Institutional Repository of the Institute of Software, Chinese Academy of Sciences
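Subject: Computer Software::Software Theory ; Computer Software::Operating Systems and Operating Environments
Title:
Design and Implementation of a Lightweight Virtual Machine Monitoring Agent for Memory Security Monitoring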
Author: 马乐乐
Issued Date: 2015-05-27
Supervisor: 李明树
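Major: Computer Software and Theory
Degree Grantor: Graduate School of the Chinese Academy of Sciences
Place of Degree Grantor: Beijing
Degree Level: Master's
Keyword: Virtual Machine Introspection ; Xen Mini-OS ; Memory Monitoring ; Integrity Measurement ; Intrusion Detection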
Abstract:

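More and more network service providers use cloud computing platforms to deliver their network services. However, many providers have held back from moving their core business to the cloud because of concerns about the security of cloud platforms. Security is a major challenge facing cloud computing platforms. Real-time monitoring and intrusion detection of virtual machines is a necessary method for securing cloud computing. Using virtual machine introspection in a dedicated virtual machine to monitor the memory security of other virtual machines in real time is an important security monitoring method on virtualization platforms. However, introspection implemented in a traditional privileged virtual machine consumes considerable system resources when it runs and lowers the overall performance of the virtual platform. In addition, a complex, highly privileged security module shares one address space with the traditional privileged virtual machine, which hinders isolating the security module from the rest of the system and increases the risk of the system being attacked.

Therefore, this thesis proposes a method of implementing a virtual machine monitoring agent with a lightweight operating system, together with a memory monitoring scheme based on integrity measurement, to monitor the memory security of target virtual machines in real time. The main contributions are: 1) A security isolation and protection mechanism based on a lightweight operating system, which allows the memory of other guest virtual machines to be monitored from an isolated lightweight virtual machine. The mechanism requires no modification to the hypervisor code or to the monitored operating system, and monitors the runtime integrity of other guest virtual machines from an isolated privileged virtual machine. That privileged virtual machine runs a customized micro operating system that uses few system resources and has only the tiny code base needed to provide the security measurement service. The integrity measurement service is dedicated to runtime integrity measurement and attestation of critical data and code in user virtual machines, so that illegal tampering with the monitored system is discovered promptly and malicious behavior is prevented from further harming the whole system. 2) Through cross compilation, function porting and similar methods, virtual machine introspection is implemented in the Mini-OS lightweight system in the Xen source tree, and TinyVMI, a prototype of the system security monitoring program, is implemented. 3) Based on the design and implementation of the prototype, the security of the prototype is analyzed, and the performance of this monitoring method is evaluated against the traditional method. The analysis shows that the lightweight security monitoring program offers stronger isolation and security. Experimental results show that, compared with a traditional privileged virtual machine based on a commercial operating system performing the same security monitoring operations, the method reduces performance overhead by more than 92%, improving the efficiency of virtual machine introspection and security monitoring.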

English Abstract:

More and more internet service providers are moving their servers onto cloud computing platforms. However, many of them have not moved their core services to the cloud because of security concerns. Security is evidently a critical issue for cloud computing platforms. A typical method of ensuring cloud security is runtime monitoring and intrusion detection of virtual machines (VMs) on the virtualization platform. Virtual Machine Introspection (VMI) is an important method for monitoring a VM from an out-of-the-box view. A privileged VM can monitor other VMs' runtime memory using the VMI technique. However, VMI implemented in a traditional privileged VM consumes a lot of system resources and slows down the overall performance of the virtualization platform. At the same time, this method can weaken the isolation between the security module and other parts of the system, because the privileged security module runs in the same address space as other parts of the system kernel. The weak isolation expands the attack surface of the system kernel and could result in severe security problems.

To mitigate the disadvantages mentioned above, a secure architecture based on a lightweight virtual machine monitor implemented in a lightweight operating system is proposed, along with a security checking scheme based on integrity checking, which is capable of runtime security checking of a VM's memory. The contributions include: a) The design of a security checking mechanism based on a lightweight operating system, which allows a privileged tiny operating system to monitor other operating systems running in virtual machines. It allows non-intrusive monitoring of other VMs' runtime integrity from a restricted lightweight virtual machine. The security module resides in a lightweight operating system, which has a much smaller code base and consumes far fewer system resources than a traditional operating system. The integrity checking service monitors and checks only a virtual machine's critical data and code, which allows timely discovery of intrusions and blocks further attacks on the system. b) By cross compiling and porting code, we integrate the virtual machine introspection module into the tiny operating system Mini-OS in the Xen source tree. The prototype system, named TinyVMI, is implemented as a security monitoring and checking system. c) Based on the design and implementation of the prototype system, we analyze the security properties of the system and compare its performance with that of traditional virtual machine introspection implemented in a legacy operating system. The isolation of the lightweight security module is strengthened, and the performance overhead is reduced. The performance evaluation shows a performance gain of more than 92% compared with the same security checking operation in the traditional privileged virtual machine. This shows that the scheme can significantly improve the performance of virtual machine introspection and integrity checking of the target system from an out-of-the-box view.
Language: Chinese
Content Type: Thesis
URI: http://ir.iscas.ac.cn/handle/311060/17137
Appears in Collections: National Engineering Research Center for Fundamental Software_Theses

Files in This Item:
File Name/ File Size Content Type Version Access License
学位论文-马乐乐-05.27.submit.pdf(1140KB)----Restricted access (contact to obtain full text)

Recommended Citation:
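马乐乐. Design and Implementation of a Lightweight Virtual Machine Monitoring Agent for Memory Security Monitoring [D]. Beijing. Graduate School of the Chinese Academy of Sciences. 2015-05-27.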
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 
