期刊文献+

IVirt:基于虚拟机自省的运行环境完整性度量机制 被引量:13

IVirt:Runtime Environment Integrity Measurement Mechanism Based on Virtual Machine Introspection
下载PDF
导出
摘要 完整性度量是检测程序篡改的重要方法,但是在虚拟化环境下传统的检测方法已体现出不足.例如,度量软件与被度量对象处于相同操作系统中易受攻击.该文从安全性和性能两方面出发,提出了一种基于虚拟机自省的完整性度量机制IVirt(Integrity for Virtualization).该机制从虚拟机外部通过地址转换和内容定位得到所需的虚拟机内存数据,从而对虚拟机内部的程序进行完整性度量,以检验程序是否遭到篡改.该文以典型的虚拟机监视器Xen为例实现了IVirt原型系统.相比于同类工作,IVirt一方面将度量软件与被度量对象分离,防止度量软件遭到攻击;另一方面采用地址转换来度量运行时状态,这区别于采用事件拦截机制的度量方法,以降低性能开销.实验结果表明,该方法能够检测出虚拟机运行时的软件篡改,而且在性能上不会引入过高的代价. Integrity Measurement is an important method to detect compromised application,but under the virtualization environment traditional detection approaches have reflected some shortages.For example,the measurement software and measured objects are in the same operating system,so the measurement software is easily attacked.From the perspectives of security and performance,this paper proposes an integrity measurement mechanism based on virtual machine introspection—IVirt(Integrity for Virtualization).This mechanism obtains the needed memory data of virtual machine through address translation and content locating from outside of that virtual machine,thereby measuring the integrity of applications that are in the virtual machine is performed,so as to verify whether the applications are tampered with.The IVirt prototype was implemented in this paper adopting typical virtual machine monitor Xen.Compared with other work of the same kind,IVirt isolates the measurement software from the measured objects,preventing measurement software being attacked.On the other hand,address translation is employed to measure the runtime state,which is different from the method of using events intercepting,in order to reduce the performance overhead.The experimental results show thatthis method has the ability of detecting software modification,and it does not introduce high performance cost.
出处 《计算机学报》 EI CSCD 北大核心 2015年第1期191-203,共13页 Chinese Journal of Computers
基金 国家自然科学基金(61202081) 国家"八六三"高技术研究发展计划项目基金(2012AA012606)资助~~
关键词 虚拟机自省 完整性度量 虚拟化 虚拟机监视器 运行时间 安全 virtual machine introspection integrity measurement virtualization virtual machine monitor runtime security
  • 相关文献

同被引文献77

  • 1SMITH J, NAIR R. Virtual Machines: Versatile Platforms for Sys- tems and Processes [ M]. Singapore: Elsevier, 2009:5 -8.
  • 2SANTOS N, GUMMADI K, RODRIGUES R. Towards trusted cloud computing [ C ]// Proceedings of the 2009 USENIX Association Workshop on Hot Topics in Cloud Computing. Berkeley: USENIX, 2009:14 - 19.
  • 3ZHANG L, CHEN X S, LIU L, et al. Trusted domain hierarchical model based on noninterference theory [ J]. Journal of China Univer-sities of Posts and Telecommunications, 2015, 22(4): 7 -16.
  • 4GRAEME P, CHEN L Q, DALTON C. Trusted Computing Plat- forms[M]. Berlin: Springer, 2014:1-25.
  • 5GOGUEN J A, MESEGUER J. Security policies and security mod- els[ C]// Proceedings of the IEEE Symposium on Security and Pri- vacy. Washington, DC: IEEE Computer Society, 1982:11-20.
  • 6ZHANG F, CHEN J , CHEN H , et al . CloudVisor : retrofitting protection of virtual machines in muti-tenant cloud with nest virtual- ization[ C]//Proceedings of the 23rd ACM Symposium on Operat- ing System Principles. New York: ACM, 2011 : 203 -216.
  • 7赵佳,沈昌祥,刘吉强,韩臻.基于无干扰理论的可信链模型[J].计算机研究与发展,2008,45(6):974-980. 被引量:29
  • 8谭良,徐志伟.基于可信计算平台的信任链传递研究进展[J].计算机科学,2008,35(10):15-18. 被引量:27
  • 9张兴,陈幼雷,沈昌祥.基于进程的无干扰可信模型[J].通信学报,2009,30(3):6-11. 被引量:28
  • 10秦宇,冯登国.基于组件属性的远程证明[J].软件学报,2009,20(6):1625-1641. 被引量:33

引证文献13

二级引证文献50

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部