基于邻接点的VMM动态完整性度量方法

doi:10.11959/j.issn.1000-436x.2015210

摘要/Abstract

摘要：

对于虚拟机监控器的动态完整性度量，由于其位于特权层，且复杂多变，一直是领域内的研究难点。提出了一种基于邻接点的动态完整性度量方法，利用邻接点作为度量模块的宿主，通过面向内存页的完整性模型和评估算法，实现了动态完整性度量。实验表明，能够准确地检测到完整性受到破坏，且仅对计算密集型任务造成适中的性能损耗。

关键词: 虚拟机监控器, 完整性, 动态度量, 邻接点, 度量环

Abstract:

Due to its high privilege and complicated runtime memory,dynamic integrity measurement for VMM (virtual machine monitor) was always a great difficulty in the current study.An innovative method based on the adjacency data was proposed,which used a neighbor as the host of a measurement module.According to an integrity model in memory page granularity and a new improved measurement algorithm,dynamic integrity measurement for VMM was imple-mented.Experimental data shows it could detect the integrity broken accurately,only causing a moderate performance loss for computing intensive tasks.

Key words: VMM, integrity, dynamic measurement, adjacency data, ring of measurement

吴涛,杨秋松,贺也平. 基于邻接点的VMM动态完整性度量方法[J]. 通信学报, 2015, 36(9): 169-180.

Tao WU,Qiu-song YANG,Ye-ping HE. Method of dynamic integrity measurement for VMM based on adjacency data[J]. Journal on Communications, 2015, 36(9): 169-180.

图/表 11

图1

图2

表1

图3

图4

图5

图6

图7

图8

图9

图10

参考文献 24

[1]	MCCUNE J , PARNO B , PERRIG A , et al. Minimal TCB code execu-tion[A]. Proc of IEEE Symposium on Security and Privacy[C]. 2007.267-272.
[2]	MCCUNE J , PARNO B , PERRIG A , et al. An execution infrastructure for TCB minimization[A]. Proc of Eurosys[C]. 2008.
[3]	MCCUNE J , LI Y , QU N , et al. TrustVisor:efficient TCB reduction and attestation[A]. Proc of IEEE Symposium on Security and Pri-vacy[C]. 2010.143-158.
[4]	SANDHU R S . On five definitions of data integrity[A]. Proc of the 7th IFIP WG 11.3 Working Conference on Database Security[C]. 1993.257-268.
[5]	Department of Defense,USA. Trusted Computer System Evaluation Criteria,TCSEC[S]. 1985.
[6]	Trusted Computing Group. TPM Main Specification Level 2,Revision 116[EB/OL]. .
[7]	HOFMANN O , KIM S , DUNN A , et al. Inktag:secure applications on an untrusted operating system[A]. Proc of the 18th International Con-ference on Architectural Support for Programming Languages and Operating Systems,ASPLOS 2013[C]. 2013.253-264.
[8]	WANG Z , WU C , GRACE M , et al. Isolating commodity hosted hypervisors with hyperlock[A]. Proc of Eurosys[C]. 2010.127-140.
[9]	CRISWELL J , DAUTENHAHN N , ADVE V . Virtual ghost:protecting applications from hostile operating systems[A]. Proc of the 19th In-ternational Conference on Architectural Support for Programming Languages and Operating Systems,ASPLOS 2014[C]. 2014.81-96.
[10]	SAILER R , ZHANG X , JAEGER T , VAN DOORN L . Design and implementation of a TCG-based integrity measurement architecture[A]. Proc of the 13th USENIX Security Symposium[C]. 2004.16.
[11]	KIL C , SEZER E , AZAB A , NING P , ZHANG X . Remote attestation to dynamic system properties:towards providing complete system in-tegrity evidence[A]. Proc of the 39th International Conference on De-pendable Systems and Networks[C]. 2009.
[12]	ZHANG F , CHEN H B . Security-preserving live migration of virtual machines in the cloud[J]. Journal of Network and Systems Manage-ment, 2013,21(4): 562-587.
[13]	AZAB A , NING P , WANG Z , et al. HyperSentry:enabling stealthy in-context measurement of hypervisor integrity[A]. Proc of the 17th Con-ference on Computer and Communications Security[C]. 2010.38-49.
[14]	AZAB A , NING P , SEZER E , et al. A hypervisor-based integrity measurement agent[A]. Proc of the Annual Computer Security Appli-cations Conference[C]. 2009.461-470.
[15]	DAVI L , SADEGHI A , WINANDY M . Dynamic.integrity measure-ment and attestation:towards defense against return-oriented pro-gramming attacks[A]. Proc of the 2009 ACM Workshop on Scalable Trusted Computing[C]. 2009.49-54.
[16]	LIU Z , LEE J , ZENG J , et al. CPU transparent protection of OS kernel and hypervisor integrity with programmable DRAM[A]. Proc of The 40th In-ternational Symposium on Computer Architecture[C]. 2013.392-403.
[17]	SAILER R , ZHANG X , JAEGER T , et al. Design and implementation of a TCG-based integrity measurement architecture[A]. Proc of the 13th Usenix Security Symposium[C]. 2004.
[18]	WANG Z , JIANG X X . Hypersafe:a lightweight approach to provide lifetime hypervisor control-flow integrity[A]. Proc of IEEE Sympo-sium on Security and Privacy[C]. 2010.
[19]	CLARK C , FRASER K , HAND S , et al. Live migration of virtual machines[A]. Proc of the 2nd Symposium on Networked Systems De-sign and Implementation[C]. 2005.
[20]	JO C , GUSTAFSSON E , SON J , et al. Efficient live migration of virtual machines using shared storage[A]. Proc of the 9th Annual International Conference on Virtual Execution Environments[C]. 2013.41-50.
[21]	SONG X , SHI J C , LIU R , et al. Parallelizing live migration of virtual machines[A]. Proc of the 9th Annual International Conference on Virtual Execution Environments[C]. 2013.85-96.
[22]	TAKEMURA C , CRAWFORD L . The Book of Xen:A Practical Guide for the System Administrator[A]. No Starch Press, 2009.
[23]	Xen Project.[EB/OL] .
[24]	WANG Z , JIANG X X , CUI W D , et al. Countering kernel rootkits with lightweight hook protection[A]. Proc of the 16th ACM Conference on Computer and Communications Security[C]. 2009.

ID	IP地址	静态度量	动态度量	邻接ID	安全标签
1	10.3.3.1	1	95	Q	Top
2	10.3.3.2	1	80	1	Middle
3	10.3.3.3	1	90	2	Low
...	10.3.3....	1	…	…	…
Q	10.3.3.Q	1	85	Q?1	Top