Advanced Engineering Sciences: 2015, 47(1): 54-59
Study of Virtual Machine Introspection Based on Hardware Architecture and Virtualization Extensions
(1. School of Computer, Wuhan Univ.; 2. Key Lab. of Aerospace Info. Security and Trusted Computing of Ministry of Education, Wuhan Univ.; 3. Yuanhui Technol Co.)
Received: 2014-06-25    Revised: 2014-11-17
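Abstract (Chinese): Existing virtual machine introspection (VMI) techniques build the semantics of the monitored system from kernel functions and from the expected in-memory layout of kernel data structures of the untrusted monitored operating system, and therefore cannot resist direct kernel data structure manipulation attacks. To address this problem, the capabilities of VMI are analyzed comprehensively, the malicious attacks that VMI can counter are classified, and a more robust VMI technique based on hardware architecture and virtualization extensions is proposed. It passively observes and collects information about the monitored system through the introspection features provided by the hardware architecture, and actively intercepts events and instructions inside the guest virtual machine by means of the virtualization hardware extensions, thereby achieving active monitoring. The application of hardware-based VMI to the collection and monitoring of system call sequences is described, and an efficiency test and analysis is carried out.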
Keywords (Chinese): virtual machine introspection; virtualization extensions
Abstract: Recent studies on virtual machine introspection (VMI) mostly build guest VM state from guest OS kernel data structures and kernel functions, which can be maliciously subverted, so they are unable to resist direct kernel structure attacks. In view of this situation, the capability of VMI was analyzed thoroughly, the possibilities of using hardware architectural knowledge and virtualization extension knowledge to construct VMI technology were explored, and the possible attacks that can be detected and foiled by this mechanism were discussed. Collection and monitoring of system calls using the proposed method were described, and the efficiency of the monitored system was analyzed.
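Article ID: 201400692     CLC number:    Document code:
Funding: Supported by the Key Program of the National Natural Science Foundation of China (61332019); National Key Basic Research Program of China (2014CB340600)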
Cite as:
Zou Bingyu, Zhang Huanguo, Chen Jingjun. Study of Virtual Machine Introspection Based on Hardware Architecture and Virtualization Extensions[J]. Advanced Engineering Sciences, 2015, 47(1): 54-59.