当前位置: X-MOL 学术IEEE Trans. Inform. Forensics Secur. › 论文详情
Hardware-Assisted MMU Redirection for In-Guest Monitoring and API Profiling
IEEE Transactions on Information Forensics and Security ( IF 6.211 ) Pub Date : 2020-01-27 , DOI: 10.1109/tifs.2020.2969514
Shun-Wen Hsiao; Yeali S. Sun; Meng Chang Chen

With the advance of hardware, network, and virtualization technologies, cloud computing has prevailed and become the target of security threats such as the cross virtual machine (VM) side channel attack, with which malicious users exploit vulnerabilities to gain information or access to other guest virtual machines. Among the many virtualization technologies, the hypervisor manages the shared resource pool to ensure that the guest VMs can be properly served and isolated from each other. However, while managing the shared hardware resources, due to the presence of the virtualization layer and different CPU modes (root and non-root mode), when a CPU is switched to non-root mode and is occupied by a guest machine, a hypervisor cannot intervene with a guest at runtime. Thus, the execution status of a guest is like a black box to a hypervisor, and the hypervisor cannot mediate possible malicious behavior at runtime. To rectify this, we propose a hardware-assisted VMI (virtual machine introspection) based in-guest process monitoring mechanism which supports monitoring and management applications such as process profiling. The mechanism allows hooks placed within a target process (which the security expert selects to monitor and profile) of a guest virtual machine and handles hook invocations via the hypervisor. In order to facilitate the needed monitoring and/or management operations in the guest machine, the mechanism redirects access to in-guest memory space to a controlled, self-defined memory within the hypervisor by modifying the extended page table (EPT) to minimize guest and host machine switches. The advantages of the proposed mechanism include transparency, high performance, and comprehensive semantics. To demonstrate the capability of the proposed mechanism, we develop an API profiling system (APIf) to record the API invocations of the target process. The experimental results show an average performance degradation of about 2.32%, far better than existing similar systems.
更新日期:2020-02-11

 

全部期刊列表>>
全球疫情及响应:BMC Medicine专题征稿
欢迎探索2019年最具下载量的化学论文
新版X-MOL期刊搜索和高级搜索功能介绍
化学材料学全球高引用
ACS材料视界
南方科技大学
x-mol收录
南方科技大学
自然科研论文编辑服务
上海交通大学彭文杰
中国科学院长春应化所于聪-4-8
武汉工程大学
课题组网站
X-MOL
深圳大学二维材料实验室张晗
中山大学化学工程与技术学院
试剂库存
天合科研
down
wechat
bug