Inter-domain Communication Protocol for Real-time File Access Monitor of Virtual Machine

Authors

  • Ruo Ando
  • Kazushi Takahashi
  • Kuniyasu Suzaki
Abstract

Leveraging hypervisors for security purposes such as malware analysis has been well researched. Two challenges remain for analyzing security incidents on virtual machines: real-time monitoring and the semantic gap. First, current active monitoring methods need to be improved for real-time protection of virtual machines. Second, the semantic gap between the virtual machine and the hypervisor poses a significant impediment to security analysts. In this paper, we propose an inter-domain communication protocol for real-time monitoring of virtual machines and for bridging the semantic gap. We have deployed the inter-domain communication module between a guest Windows OS and a hypervisor in two ways: one is a register-based transfer using the vCPU context, and the other is shared-memory-based communication. Our protocol is event driven, which enables the proposed system to monitor the file access of a guest Windows OS in real time without suspending it. We have implemented our system on the XEN virtual machine monitor and KVM (Kernel Virtual Machine). We have measured the resource utilization of these two systems in the case of decompressing files and receiving HTTP requests. On the guest OS, the KVM-based system performs better in processor idle time by about 30-50% when decompressing files and in memory usage by about 35% when receiving HTTP requests. We conclude that our system can monitor file access inside a virtual machine without suspension and with reasonable resource usage.

Similar resources

Limitations and Solutions for Real-Time Local Inter-Domain Communication in Xen

As computer hardware becomes increasingly powerful, there is an ongoing trend towards integrating complex, legacy real-time systems using fewer hosts through virtualization. Especially in embedded systems domains such as avionics and automotive engineering, this kind of system integration can greatly reduce system weight, cost, and power requirements. When systems are integrated in this manner,...

Secure and Fast Log Transfer Mechanism for Virtual Machine

Ensuring the integrity of logs is essential to reliably detect and counteract attacks because adversaries tamper with logs to hide their activities on a computer. Even though some studies proposed various protections of log files, adversaries can tamper with logs in kernel space with kernel-level malicious software (malware) because file access and inter-process communication are provided by an...

Improving Distributed File System Performance in Virtual Machine Environments

Virtual machine (VM) systems have traditionally used virtual disks for file storage. Recently, there has been interest in using distributed file systems as a way to provide data storage to guest virtual machines, with the file server running on the same physical machine. Potential advantages include fine-grained data sharing, data protection, versioning, and backup to multiple guests from one ce...

A new virtual leader-following consensus protocol to internal and string stability analysis of longitudinal platoon of vehicles with generic network topology under communication and parasitic delays

In this paper, a new virtual leader following consensus protocol is introduced to perform the internal and string stability analysis of longitudinal platoon of vehicles under generic network topology. In all previous studies on multi-agent systems with generic network topology, the control parameters are strictly dependent on eigenvalues of network matrices (adjacency or Laplacian). Since some ...

Virtual Streams : A Generic Interface for Uniform Data Access

UNIX™ I/O is based on a file centric model that uses file descriptors, but these map poorly onto communication channels such as network sockets. The stream represents a more general I/O model that overcomes this problem. We illustrate the design of a generic interface that uses a stream abstraction rather than a file. The interface is implemented as a layer on top of file I/O, network and Web ...

Journal title:
  • JoWUA

Volume 3  Issue 

Pages  -

Publication date 2012