基于硬件虚拟化的虚拟机文件完整性监控

doi:10.11772/j.issn.1001-9081.2017.02.0388

计算机应用 ›› 2017, Vol. 37 ›› Issue (2): 388-391.DOI: 10.11772/j.issn.1001-9081.2017.02.0388

• 第十届中国可信计算与信息安全学术会议 • 上一篇下一篇

基于硬件虚拟化的虚拟机文件完整性监控

赵成, 陈兴蜀, 金鑫

四川大学计算机学院, 成都 610065

收稿日期:2016-08-15 修回日期:2016-09-02 出版日期:2017-02-10 发布日期:2017-02-11
通讯作者: 陈兴蜀,chenxsh@scu.edu.cn
作者简介:赵成(1991-),男,河北固安人,硕士研究生,主要研究方向:云计算、虚拟化;陈兴蜀(1969-),女,四川自贡人,教授,博士,主要研究方向:云计算、大数据、信息安全、可信计算;金鑫(1976-),男,辽宁营口人,博士研究生,主要研究方向:云计算、虚拟化、可信计算。
基金资助:
国家自然科学基金资助项目（61272447）。

Virtual machine file integrity monitoring based on hardware virtualization

ZHAO Cheng, CHEN Xingshu, JIN Xin

College of Computer Science, Sichuan University, Chengdu Sichuan 610065, China

Received:2016-08-15 Revised:2016-09-02 Online:2017-02-10 Published:2017-02-11
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61272447).

摘要/Abstract

摘要： 为保护虚拟机敏感文件的完整性，针对外部监控中基于指令监控方式性能消耗大、兼容性低和灵活性差等缺点，提出一种基于硬件虚拟化的文件完整性监控（OFM）系统。该系统以基于内核的虚拟机（KVM）作为虚拟机监视器，可动态实时地配置敏感文件访问监控策略；OFM可修改虚拟机系统调用表项以透明拦截文件操作相关系统调用，以监控策略为依据判定虚拟机进程操作文件的合法性，并对非法进程进行处理。在虚拟机中采用性能测试软件Unixbench进行仿真，其中OFM在文件监控方面优于基于指令的监控方式，且不影响虚拟机其他类型系统调用。实验结果表明，OFM可以有效地监控虚拟机文件的完整性，具有更好的兼容性、灵活性和更低的性能损耗。

关键词: 敏感文件, 完整性, 系统调用, 硬件虚拟化, 基于内核的虚拟机

Abstract: In order to protect the integrity of the Virtual Machine (VM) sensitive files and make up for the shortcomings such as high performance overhead, low compatibility and poor flexibility in out-of-box monitoring based on the instruction monitoring methods, OFM (Out-of-box File Monitoring) based on hardware virtualization was proposed. In OFM, Kernel-based Virtual Machine (KVM) was used as the virtual machine monitor to dynamically configure sensitive file access control strategy in real-time; in addition, OFM could modify the call table entries related to file operations of virtual machine system to determine the legitimacy of the VM process operation files, and deal with the illegal processes. Unixbench was deployed in a virtual machine to test the performance of OFM. The experimental results demonstrate that OFM outperforms to instruction monitoring methods in file monitoring and has no affect on other types of system calls for virtual machines. Meanwhile, OFM can effectively monitor the integrity of the virtual machine files and provide better compatibility, flexibility and lower performance losses.

Key words: sensitive file, integrity, system call, hardware virtualization, Kernel-based Virtual Machine (KVM)

中图分类号:

TP309

赵成, 陈兴蜀, 金鑫. 基于硬件虚拟化的虚拟机文件完整性监控[J]. 计算机应用, 2017, 37(2): 388-391.

ZHAO Cheng, CHEN Xingshu, JIN Xin. Virtual machine file integrity monitoring based on hardware virtualization[J]. Journal of Computer Applications, 2017, 37(2): 388-391.

参考文献

[1] 王惠莅,杨晨,杨建军.美国NIST云计算安全标准跟踪及研究[J].信息技术与标准化,2012(6):51-54. (WANG H L, YANG C, YANG J J. Research on clouds computing security standards of NIST[J]. Information Technology & Standardization, 2012(6):51-54.
[2] 张蕴菁, 刘威. 2015年7月计算机病毒疫情分析[J]. 信息网络安全, 2015(9):292-292. (ZHANG Y J, LIU W. Analysis of computer virus epidemic situation in July, 2015[J]. Netinfo Security, 2015(9):292-292.).
[3] KIM G H, SPAFFORD E H. The design and implementation of tripwire:a file system integrity checker[C]//CCS'94:Proceedings of the 2nd ACM Conference on Computer and Communications Security. New York:ACM, 1999:18-29.
[4] PATIL S, KASHYAP A, SIVATHANU G, et al. FS:an in-kernel integrity checker and intrusion detection file system[C]//LISA'04:Proceedings of the 18th USENIX Conference on System Administration. Berkeley, CA:USENIX Association, 2004:67-78.
[5] QUYNH N A, TAKEFUJI Y. A novel approach for a file-system integrity monitor tool of Xen virtual machine[C]//ASIACCS'07:Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security. New York:ACM, 2007:194-202.
[6] 王照羽.基于Xen硬件虚拟化的磁盘文件操作监控系统[D].西安:西安电子科技大学,2013:5-7. (WANG Z Y. Monitoring system for disk file operations in Xen Full virtualization[J]. Xi'an:Xidian University, 2013:5-7.).
[7] 王铸,黄涛,文莎.基于虚拟机的文件完整性监控系统[J].中州大学学报, 2009, 26(5):121-123. (WANG Z, HUANG T, WEN S. A file integrity monitoring system based on virtualization[J]. Journal of Zhongzhou University, 2009, 26(5):121-123.).
[8] 王婷婷.基于硬件辅助虚拟化的虚拟机监控研究与实现[D].北京:北京邮电大学,2015:3-4. (WANG T T. Research and implementation of virtual machine based on hardware-assisted virtualization[J]. Beijing:Beijing University of Posts and Telecommunications, 2015:3-4.).
[9] JIN H, XIANG G, ZOU D, et al. A guest-transparent file integrity monitoring method in virtualization environment[J]. Computers & Mathematics with Applications, 2010, 60(2):256-266.
[10] PAYNE B D, DE A CARBONE M D P, LEE W. Secure and flexible monitoring of virtual machines[C]//ACSAC 2007:Proceedings of the Twenty-Third Annual Computer Security Applications Conference. Washington, DC:IEEE Computer Society, 2007:385-397.
[11] HABIB I. Virtualization with KVM[J]. Linux Journal, 2008(166):Article No. 8.
[12] Intel. Intel 64 and IA-32 architectures software developer manuals[EB/OL].[2015-03-20]. https://software.intel.com/en-us/articles/intel-sdm.
[13] AMD. AMD64 architecture programmer's manual volume 2:system programming[EB/OL].[2015-03-20]. http://developer.amd.com/resources/developer-guides-manuals/.
[14] 熊海泉,刘志勇,徐卫志,等.VMM中Guest OS非陷入系统调用指令截获与识别[J].计算机研究与发展,2014,51(10):2348-2359. (XIONG H Q, LIU Z Y,XU W Z, et al. Interception and identification of guest OS non-trapping system call instruction within VMM[J]. Journal of Computer Research and Development, 2014, 51(10):2348-2359.)

[1]	卿欣艺, 陈玉玲, 周正强, 涂园超, 李涛. 基于中国剩余定理的区块链存储扩展模型[J]. 计算机应用, 2021, 41(7): 1977-1982.
[2]	高昊昱, 李雷孝, 林浩, 李杰, 邓丹, 李少旭. 区块链在数据完整性保护领域的研究与应用进展[J]. 计算机应用, 2021, 41(3): 745-755.
[3]	李秀艳, 刘明曦, 史闻博, 董国芳. 面向资源受限用户的高效动态数据审计方案[J]. 计算机应用, 2021, 41(2): 422-432.
[4]	李兆斌, 刘泽一, 魏占祯, 韩禹. 基于哈希链的软件定义网络路径安全[J]. 计算机应用, 2019, 39(5): 1368-1373.
[5]	白平, 张薇, 王绪安. 云环境下基于运算电路的同态认证方案[J]. 计算机应用, 2018, 38(9): 2543-2548.
[6]	路子聪, 徐开勇, 郭松, 肖警续. 基于ARM虚拟化扩展的Android内核动态度量方法[J]. 计算机应用, 2018, 38(9): 2644-2649.
[7]	白平, 张薇, 李聪, 王绪安. 支持用户撤销的可验证密文检索方案[J]. 计算机应用, 2018, 38(6): 1640-1643.
[8]	王漫漫, 束永安. 多移动汇聚节点的无线传感网中基于服务质量的能耗[J]. 计算机应用, 2018, 38(3): 758-762.
[9]	蔡梦娟, 陈兴蜀, 金鑫, 赵成, 殷明勇. 基于硬件虚拟化的虚拟机进程代码分页式度量方法[J]. 计算机应用, 2018, 38(2): 305-309.
[10]	徐明迪, 高杨, 高雪原, 张帆. 满足对应性属性的平台配置证明[J]. 计算机应用, 2018, 38(2): 337-342.
[11]	缪俊敏, 冯朝胜, 李敏, 刘霞. 面向公有云的数据完整性公开审计方案[J]. 计算机应用, 2018, 38(10): 2892-2898.
[12]	李津津, 贾晓启, 杜海超, 王利朋. 基于虚拟化技术的有效提高系统可用性的方法[J]. 计算机应用, 2017, 37(4): 986-992.
[13]	张新鹏, 许春香, 张新颜, 赛伟, 韩兴阳, 刘国平. 基于代理重签名的支持用户可撤销的云存储数据公共审计方案[J]. 计算机应用, 2016, 36(7): 1816-1821.
[14]	郑奇斌, 刁兴春, 曹建军, 周星, 许永平. 结合局部敏感哈希的k近邻数据填补算法[J]. 计算机应用, 2016, 36(2): 397-401.
[15]	周登元, 李清宝, 张擂, 孔维亮. 基于虚拟机监控器的Windows剪贴板操作监控[J]. 计算机应用, 2016, 36(2): 511-515.

基于硬件虚拟化的虚拟机文件完整性监控

Virtual machine file integrity monitoring based on hardware virtualization

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics