HYBRID-BRIDGE: Efficiently Bridging the Semantic Gap in Virtual Machine Introspection via Decoupled Execution and Training Memoization
Abstract
Recent advances show that it is possible to reuse the legacy binary code to bridge the semantic gap in virtual machine introspection (VMI). However, existing such VMI solutions often have high performance overhead (up to hundreds of times slowdown), which significantly hinders their practicality, especially for cloud providers who wish to perform real-time monitoring of the virtual machine states. As such, this paper presents HYBRID-BRIDGE, a new system that uses an efficient decoupled execution and training memoization approach to automatically bridge the semantic gap. The key idea is to combine the strengths of both the offline training based approach and the online kernel data redirection based approach, with a novel training data memoization and fall back mechanism at the hypervisor layer that decouples the expensive Taint Analysis Engine (TAE) from the execution of hardware-based virtualization and moves the TAE to software-based virtualization. The experimental results show that HYBRID-BRIDGE substantially improves the performance overhead of existing binary code reuse based VMI solutions by at least one order of magnitude for many of the tested benchmark tools including ps, netstat, and lsmod.
Similar resources
Bridging the Semantic Gap Through Static Code Analysis
The semantic gap is a challenge inherent in all applications of virtual machine introspection (VMI). It describes the disconnect between the low-level state that the hypervisor has access to and its semantics within the guest. A common approach to bridge this gap is to utilize the debugging symbols of an inspected operating system kernel, although it is well understood that this information doe...
Bridging the semantic gap for software effort estimation by hierarchical feature selection techniques
Software project management is one of the significant activities in the software development process. Software Development Effort Estimation (SDEE) is a challenging task in the software project management. SDEE is an old activity in computer industry from 1940s and has been reviewed several times. A SDEE model is appropriate if it provides the accuracy and confidence simultaneously before softwa...
Iterative Backtracking via Deterministic Virtual Machine Replay and Virtual Machine Introspection
We propose a security analysis system that enables tracking and understanding system intrusions fully and precisely, using deterministic virtual machine replay and virtual machine introspection. Understanding the behaviors of system intrusions is important for malware defense systems to discover their vulnerabilities and prevent them from being exploited in the future. Existing approaches fail to e...
A Universal Semantic Bridge for Virtual Machine Introspection
All systems that utilize virtual machine introspection (VMI) need to overcome the disconnect between the low-level state that the hypervisor sees and its semantics within the guest. This problem has become well-known as the semantic gap. In this work, we introduce our tool, InSight, that establishes a semantic connection between the guest and the hypervisor independent of the application at han...
Transparently bridging semantic gap in CPU management for virtualized environments
Consolidated environments are progressively accommodating diverse and unpredictable workloads in conjunction with virtual desktop infrastructure and cloud computing. Unpredictable workloads, however, aggravate the semantic gap between the virtual machine monitor and guest operating systems, leading to inefficient resource management. In particular, CPU management for virtual machines has a critic...