English Abstract: | More and more internet service providers are moving their servers onto cloud computing platforms. However, many of them have not moved their core services to the cloud because of security concerns. Security is clearly a critical issue on cloud computing platforms. A typical method of ensuring cloud security is runtime monitoring and intrusion detection of virtual machines (VMs) on the virtualization platform. Virtual Machine Introspection (VMI) is an important method for monitoring a VM from an out-of-the-box view: a privileged VM can monitor other VMs’ runtime memory using VMI techniques. However, VMI implemented in a traditional privileged VM consumes a large amount of system resources and slows down the overall performance of the virtualization platform. At the same time, this method can weaken the isolation between the security module and other parts of the system, because the privileged security module runs in the same address space as other parts of the system kernel. The weak isolation expands the attack surface of the system kernel and could result in severe security problems. To mitigate these disadvantages, a secure architecture based on a lightweight virtual machine monitor implemented in a lightweight operating system is proposed, along with a security checking scheme based on integrity checking, which is capable of runtime security checking of the VM’s memory. The contributions include: a) The design of a security checking mechanism based on a lightweight operating system, which allows a privileged tiny operating system to monitor other operating systems running in virtual machines. It allows non-intrusive monitoring of other VMs’ runtime integrity from a restricted lightweight virtual machine. The security module resides in a lightweight operating system, which has a much smaller code base and consumes far fewer system resources than a traditional operating system.
The integrity checking service aims to monitor and check only a virtual machine’s critical data and code, which allows timely discovery of intrusions and blocks further attacks on the system. b) Through cross-compiling and code porting, we integrate the virtual machine introspection module into the tiny operating system Mini-OS in the Xen source tree. The prototype system, named TinyVMI, is implemented as a security monitoring and checking system. c) Based on the design and implementation of the prototype system, we analyzed the security properties of the system and compared its performance with traditional virtual machine introspection implemented in a legacy operating system. The isolation of the lightweight security module is strengthened, and the performance overhead is reduced. The performance evaluation shows a performance gain of more than 92% compared with the same security checking operation in a traditional privileged virtual machine. This proves that the scheme can significantly improve the performance of virtual machine introspection and integrity checking of the target system from an out-of-the-box view. |