Conference Special Topic

Information Transfer Model of Virtual Machine Based on Storage Covert Channel

  To address the problem that virtual machine information cannot be extracted completely, we extend the typical information extraction model of the virtual machine and propose a perception mechanism for virtualization systems, based on a storage covert channel, to overcome the effect of the semantic gap. Taking advantage of the undetectability of the covert channel, a secure channel is established between the Guest and the virtual machine monitor to pass data directly. The Guest machine can pass the control information of a malicious process to the virtual machine monitor by using the VMCALL instruction and shared memory. By parsing critical information in the process control structure, the virtual machine monitor can terminate the malicious processes. The test results show that the proposed mechanism can clear user-level malicious programs in the virtual machine effectively and covertly. Meanwhile, its performance overhead is about the same as that of other mainstream monitoring modes.

virtualization; safety protection; information extraction of virtual machine; covert channel; process control structure

WANG Xiaorui, WANG Qingxian, GUO Yudong, LU Jianping

Fourth Department, PLA Information Engineering University, Zhengzhou 450002, Henan, China; State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002, Henan, China; Department of Communication Command, Chongqing Communication Institute, Chongqing 400035, China

Domestic conference

7th Chinese Conference on Trusted Computing and Information Security

Qinhuangdao

English

377-384

2013-09-01 (date first posted online on the Wanfang platform; this is not the paper's publication date)