| 基于硬件虚拟化的安全高效内核监控模型 |
| |
| 引用本文: | 黄啸,邓良,孙浩,曾庆凯.基于硬件虚拟化的安全高效内核监控模型[J].软件学报,2016,27(2):481-494. |
| |
| 作者姓名: | 黄啸 邓良 孙浩 曾庆凯 |
| |
| 作者单位: | 计算机软件新技术国家重点实验室南京大学, 江苏 南京 210023;南京大学 计算机科学与技术系, 江苏 南京 210023,计算机软件新技术国家重点实验室南京大学, 江苏 南京 210023;南京大学 计算机科学与技术系, 江苏 南京 210023,计算机软件新技术国家重点实验室南京大学, 江苏 南京 210023;南京大学 计算机科学与技术系, 江苏 南京 210023,计算机软件新技术国家重点实验室南京大学, 江苏 南京 210023;南京大学 计算机科学与技术系, 江苏 南京 210023 |
| |
| 基金项目: | 国家自然科学基金(61170070, 61572248, 61431008, 61321491); 国家科技支撑计划(2012BAK26B01) |
| |
| 摘 要: | 传统的基于虚拟化内核监控模型存在两个方面的不足:(1) 虚拟机监控器(virtual machine monitor,简称VMM)过于复杂,且存在大量攻击面(attack surface),容易受到攻击;(2) VMM执行过多虚拟化功能,产生严重的性能损耗.为此,提出了一种基于硬件虚拟化的安全、高效的内核监控模型HyperNE.HyperNE舍弃VMM中与隔离保护无关的虚拟化功能,允许被监控系统直接执行特权操作,而无需与VMM交互;同时,HyperNE利用硬件虚拟化中的新机制,在保证安全监控软件与被监控系统隔离的前提下,两者之间的控制流切换也无需VMM干预.这样,HyperNE一方面消除了VMM的攻击面,有效地削减了监控模型TCB(trusted computing base);另一方面也避免了虚拟化开销,显著提高了系统运行效率和监控性能.
|
| 关 键 词: | 虚拟化 内核监控 特权模式切换 攻击面 |
| 收稿时间: | 2015/2/11 0:00:00 |
| 修稿时间: | 5/8/2015 12:00:00 AM |
Secure and Efficient Kernel Monitoring Model Based on Hardware Virtualization |
| |
| HUANG Xiao,DENG Liang,SUN Hao and ZENG Qing-Kai.Secure and Efficient Kernel Monitoring Model Based on Hardware Virtualization[J].Journal of Software,2016,27(2):481-494. |
| |
| Authors: | HUANG Xiao DENG Liang SUN Hao and ZENG Qing-Kai |
| |
| Affiliation: | State Key Laboratory for Novel Software Technology Nanjing University, Nanjing 210023, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China,State Key Laboratory for Novel Software Technology Nanjing University, Nanjing 210023, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China,State Key Laboratory for Novel Software Technology Nanjing University, Nanjing 210023, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China and State Key Laboratory for Novel Software Technology Nanjing University, Nanjing 210023, China;Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China |
| |
| Abstract: | Traditional kernel monitoring models based on virtualization have two main drawbacks: 1) Virtual machine monitor (VMM) is vulnerable to attacks due to its non-trivial complexity and considerable attack surface; 2) VMM executes redundant virtualization functionalities, leading to heavy performance loss. To address those issues, this paper proposes a secure and efficient kernel monitoring model, named HyperNE, based on hardware virtualization. In HyperNE, any virtualization functionalities that are isolation and protection unrelated are removed from VMM, and guest OS is allowed to directly conduct privileged operations with no need to interact with VMM. Meanwhile, without sacrificing isolation guarantees, HyperNE utilizes a newly supported virtualization feature to transfer execution between security monitoring applications and guest OS in a controlled manner with no VMM involvement. As a result, HyperNE can not only eliminate the attack surface of VMM and effectively reduce trusted computing base (TCB) size of monitoring model, but also greatly improve system and monitoring performance by avoiding virtualization overheads. |
| |
| Keywords: | virtualization kernel monitoring privilege mode switch attack surface |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
