基于硬件虚拟化的虚拟机进程代码分页式度量方法

云环境下恶意软件可利用多种手段篡改虚拟机（VM）中关键业务代码,威胁其运行的稳定性。传统的基于主机的度量系统易被绕过或攻击而失效,针对在虚拟机监视器（VMM）层难以获取虚拟机中运行进程完整代码段并对其进行完整性验证的问题,提出基于硬件虚拟化的虚拟机进程代码分页式度量方法。该方法以基于内核的虚拟机（KVM）作为虚拟机监视器,在VMM层捕获虚拟机进程的系统调用作为度量流程的触发点,基于相对地址偏移解决了不同版本虚拟机之间的语义差异,实现了分页式度量方法在VMM层透明地验证虚拟机中运行进程代码段的完整性。实现的原型系统——虚拟机分页式度量系统（VMPMS）能有效度量虚拟机中进程,性能损耗在可接受范围内。     

VM aware journaling: improving journaling file system performance in virtualization environments

Journaling file systems, which are widely used in modern operating systems, guarantee file system consistency and data integrity by logging file system updates to a journal, which is a reserved space on the storage, before the updates are written to the data storage. Such journal writes increase the write traffic to the storage and thus degrade the file system performance, especially in full data journaling, which logs both metadata and data updates. In this paper, a new journaling approach is proposed to eliminate journal writes in server virtualization environments, which are gaining in popularity in server platforms. Based on reliable hardware subsystems and virtual machine monitor (VMM), the proposed approach eliminates journal writes by retaining journal data (i.e. logged file system updates) in the memory of each virtual machine and ensuring the integrity of these journal data through cooperation between the journaling file systems and the VMM. We implement the proposed approach in Linux ext3 in the Xen virtualization environment. According to the performance results, a performance improvement of up to 50.9journaling approach of ext3 due to journal write elimination. In metadata‐write dominated workloads, this approach could even outperform the metadata journaling approaches of ext3, which do not guarantee data integrity. These results demonstrate that, on virtual servers with reliable VMM and hardware subsystems, the proposed approach is an effective alternative to traditional journaling approaches. Copyright © 2011 John Wiley & Sons, Ltd.     

嵌入式虚拟化技术

计算机系统虚拟化技术是IT领域近几年的热点技术。虚拟化技术的下一步发展方向是嵌入式系统。嵌入式系统进行虚拟化是在嵌入式硬件平台和操作系统之间加入一层叫做虚拟机管理器的软件,由后者构造出可运行多种操作系统的虚拟机。国外多家公司和大学已对嵌入式虚拟化技术展开研究。嵌入式虚拟化的好处包括减少嵌入式系统开发成本、缩短产品上市周期、利于整合功能、减少功耗、软件资产保值和增强安全性与可靠性。嵌入式虚拟化技术面临的问题包括实时调度问题、嵌入式硬件平台多样性问题、电源管理问题以及跨虚拟机通信问题。嵌入式虚拟化技术将给嵌入式领域带来重大变化,值得关注。     

Rethinking the design of virtual machine monitors

A virtual machine monitor is a software system that partitions a single physical machine into multiple virtual machines. Traditionally, VMMs have created a precise replica of the underlying physical machine. Through faithful emulation, VMMs support the execution of legacy guest operating systems such as Windows or Linux without modifications. However, traditional VMMs suffer from poor scalability and extensibility. To overcome the poor scalability and extensibility of traditional virtual machine monitors that partition a single physical machine into multiple virtual machines, the Denali VMM uses paravirtualization to promote scalability and hardware interposition to promote extensibility.     

Transparent VPN failure recovery with virtualization

Cloud computing is widely used to provide today’s Internet services. Since its service scope is being extended to a wide range of business applications, the security of network communications between clients and clouds are becoming important. Several cloud vendors support virtual private networks (VPNs) for connecting their clouds. Unfortunately, cloud services become unavailable when a VPN failure occurred in a VPN gateway or networks. We propose a transparent VPN failure recovery scheme that can hide VPN failures from users and operating systems (OSs). This scheme transparently recovers from VPN failures by establishing VPN connections in a virtualization layer. When a VPN failure occurs, a client virtual machine monitor (VMM) automatically reconnects to an available VPN gateway which is geographically distributed and connected via leased lines in clouds. IP address changes are hidden from client OSs and servers via a packet relay system implemented by a relay client in the client VMM and a relay server. We implemented a prototype system based on BitVisor, a small client VMM supporting IPsec VPN, and evaluated the prototype system in a wide-area distributed Internet environment in Japan. Experimental results show that our scheme can maintain TCP connections on VPN failures, and performance overhead with the virtualization layer is around 0.6 ms to latency and 8%-30% to throughput.     

基于硬件辅助虚拟化技术的反键盘记录器模型

结合已有的键盘记录器,分析了Windows中从用户按键到应用程序处理消息的过程,并针对该过程详细分析了可能出现的安全威胁。在此基础上提出了基于硬件辅助虚拟化的反键盘记录器模型。利用CPU提供的硬件辅助虚拟化技术实现了虚拟机监控器,当获取用户输入时通过在虚拟机监控器中自主处理键盘中断并将读取到的键盘扫描码信息交由受保护的用户线程来保护用户键盘输入的安全。     

基于硬件虚拟化的安全高效内核监控模型

传统的基于虚拟化内核监控模型存在两个方面的不足:(1) 虚拟机监控器(virtual machine monitor,简称VMM)过于复杂,且存在大量攻击面(attack surface),容易受到攻击;(2) VMM执行过多虚拟化功能,产生严重的性能损耗.为此,提出了一种基于硬件虚拟化的安全、高效的内核监控模型HyperNE.HyperNE舍弃VMM中与隔离保护无关的虚拟化功能,允许被监控系统直接执行特权操作,而无需与VMM交互;同时,HyperNE利用硬件虚拟化中的新机制,在保证安全监控软件与被监控系统隔离的前提下,两者之间的控制流切换也无需VMM干预.这样,HyperNE一方面消除了VMM的攻击面,有效地削减了监控模型TCB(trusted computing base);另一方面也避免了虚拟化开销,显著提高了系统运行效率和监控性能.     

一种基于完整性保护的终端计算机安全防护方法

终端计算机是网络空间活动的基本单元,其安全性直接关系着网络环境和信息系统的安全.提出了一种基于完整性保护的终端计算机安全防护方法,它将完整性度量和实时监控技术相结合,保证终端计算机运行过程的安全可信.建立了以TPM为硬件可信基、虚拟监控器为核心的防护框架,采用完整性度量方法建立从硬件平台到操作系统的基础可信链;在系统运行过程中监控内核代码、数据结构、关键寄存器和系统状态数据等完整性相关对象,发现并阻止恶意篡改行为,以保证系统的完整、安全和可靠.利用Intel VT硬件辅助虚拟化技术,采用半穿透结构设计实现了轻量级虚拟监控器,构建了原型系统.测试表明,该方法能够对终端计算机实施有效的保护,且对其性能的影响较小.     

DMM:A dynamic memory mapping model for virtual machines

Memory virtualization is an important part in the design of virtual machine monitors(VMM).In this paper,we proposed dynamic memory mapping(DMM) model,a mechanism that allows the VMM to change the mapping between a virtual machine's physical memory and the underlying hardware resource while the virtual machine is running.By utilizing DMM,the VMM can implement many novel memory management policies,such as Demand Paging,Swapping,Ballooning,Memory Sharing and Copy-On-Write,while preserving compatibility with va...     

一种恶意软件行为分析系统的设计与实现

基于虚拟化技术的恶意软件行为分析是近年来出现的分析恶意软件的方法。该方法利用虚拟化平台良好的隔离性和控制力对恶意软件运行时的行为进行分析,但存在两方面的不足：一方面,现有虚拟机监视器（Virtual Machine Monitor,VMM）的设计初衷是提高虚拟化系统的通用性和高效性,并没有充分考虑虚拟化系统的透明性,导致现有的VMM很容易被恶意软件的环境感知测试所发现。为此,提出一种基于硬件辅助虚拟化技术的恶意软件行为分析系统——THVA。THVA是一个利用了安全虚拟机（SVM）、二级页表（NPT）和虚拟机自省等多种虚拟化技术完成的、专门针对恶意软件行为分析的微型VMM。实验结果表明,THVA在行为监控和反恶意软件检测方面表现良好。     

基于AMD硬件内存加密机制的关键数据保护方案

长期以来,保护应用程序关键数据（如加密密钥、用户隐私信息等）的安全一直是个重要问题,操作系统本身巨大的可信计算基使其不可避免的具有许多漏洞,而这些漏洞则会被攻击者利用进而威胁到应用程序的关键数据安全。虚拟化技术的出现为解决此类问题提供了一定程度的帮助,虚拟化场景下虚拟机监控器实际管理物理内存,可以通过拦截虚拟机的关键操作为应用程序提供保护,而硬件内存加密机制则能够解决应用程序在运行时内存中明文数据被泄露的问题。本文基于虚拟化技术和AMD的硬件内存加密机制,提出了一套高效的关键数据保护方案,并通过应用解耦和技术将关键数据与代码与其余的正常数据与代码分离并置于隔离的安全环境中运行从而达到保护关键数据的目的。测试显示,软件带来的系统性能开销小于1%,关键部分的性能开销小于6%,常见应用的延迟在接受范围内。系统能够成功保护应用程序如私钥等关键数据免受恶意操作系统的读取与Bus Snooping、Cold Boot等物理攻击。     

Virtual machines for enterprise desktop security

A virtual machine monitor (VMM) allows a single computer to run two or more operating systems at the same time. VMMs are relatively simple and are typically built to high assurance standards, which means that the quality of isolation provided by a virtual machine monitor is usually greater than that which can be achieved with a general-purpose operating system. This paper discusses how the flexibility afforded by multiple OS environments and the robust isolation provided by a virtual machine monitor can be used to improve client PC security. A prototype system is also described.This paper is neither a product announcement nor an official Microsoft position paper, but rather it is a discussion of interesting configuration options that can be constructed using existing Microsoft and third-party products: in this case two or more operating systems running in conjunction with a virtual machine monitor.     

Optimizing guest swapping using elastic and transparent memory provisioning on virtualization platform

On virtualization platforms, peak memory demand caused by hotspot applications often triggers page swapping in guest OS, causing performance degradation inside and outside of this virtual machine (VM). Even though host holds sufficient memory pages, guest OS is unable to utilize free pages in host directly due to the semantic gap between virtual machine monitor (VMM) and guest operating system (OS). Our work aims at utilizing the free memory scattered in multiple hosts in a virtualization environment to improve the performance of guest swapping in a transparent and implicit way. Based on the insightful analysis of behavioral characteristics of guest swapping, we design and implement a distributed and scalable framework HybridSwap. It dynamically constructs virtual swap pools using various policies, and builds up a synthetic swapping mechanism in a peer-to-peer way, which can adaptively choose different virtual swap pools.We implement the prototype of HybridSwap and evaluate it with some benchmarks in different scenarios. The evaluation results demonstrate that our solution has the ability to promote the guest swapping efficiency indeed and shows a double performance promotion in some cases. Even in the worst case, the system overhead brought by HybridSwap is acceptable.     

Mercury: Combining Performance with Dependability Using Self-Virtualization

Virtualization has recently gained popularity largely due to its promise in increasing utilization,improving availability and enhancing security.Very often,the role of computer systems needs to change ...     

Architectural virtualization extensions: A systems perspective

Owing to the increase in demand for virtualization in recent years, both Intel and AMD have added virtualization extensions to the Intel 64 architecture. These architectural extensions provide hardware support aimed at improving the performance of system virtual machines (VM). Although extensive studies on various aspects of system VMs, in particular Xen but also KVM, have been reported in the literature, there has been no work specifically focused on Intel’s virtualization extensions. The survey presented here is a comprehensive study of the Intel 64 architecture’s architectural virtualization extensions and their use in system virtual machines, as exemplified by KVM. We describe a novel evaluation environment used in this study. Using this environment, we show and explain the correlation between architectural limitations of the hardware extensions and the performance of virtualization. The present review also describes the implementation and performance of a Virtio block device.     

应用内存超售在虚拟化环境中优化SGX的性能

随着安全性在云计算中越来越受到关注,英特尔自2015年起提出了SGX.它提供enclave,并保护enclave中的应用程序免受不信任的软件(包括客户操作系统和虚拟机监视器)和硬件(英特尔CPU包除外)的攻击.然而,SGX只能支持256MB的enclave内存EPC.因此,在不同的虚拟机之间高效分配宝贵的EPC资源对整...     

基于显卡直接分配的虚拟机图形加速系统①

介绍了设计并实现的基于显卡直接分配的虚拟机图形加速系统Gracias,它的思想是把显卡直接分配给某一台完全虚拟化的虚拟机使用。这样一来,虚拟机中显卡的设备驱动程序对于显卡的使用和访问操作就不会被虚拟机监控器所拦截,也不用通过软件模拟的方式来处理这些访问请求,而是直接交给真实的硬件去完成。这使得对图形处理要求很高的程序在虚拟机中可以获得比普通虚拟化方法高很多的性能提升。     

A flexible data schema and system architecture for the virtualization of manufacturing machines (VMM)

Future factories will feature strong integration of physical machines and cyber-enabled software, working seamlessly to improve manufacturing production efficiency. In these digitally enabled and network connected factories, each physical machine on the shop floor can have its ‘virtual twin’ available in cyberspace. This ‘virtual twin’ is populated with data streaming in from the physical machines to represent a near real-time as-is state of the machine in cyberspace. This results in the virtualization of a machine resource to external factory manufacturing systems. This paper describes how streaming data can be stored in a scalable and flexible document schema based database such as MongoDB, a data store that makes up the virtual twin system. We present an architecture, which allows third-party integration of software apps to interface with the virtual manufacturing machines. We evaluate our database schema against query statements and provide examples of how third-party apps can interface with manufacturing machines using the VMM middleware. Finally, we discuss an operating system architecture for VMMs across the manufacturing cyberspace, which necessitates command and control of various virtualized manufacturing machines, opening new possibilities in cyber-physical systems in manufacturing.     

基于VMM的操作系统隐藏对象关联检测技术

恶意软件通过隐藏自身行为来逃避安全监控程序的检测.当前的安全监控程序通常位于操作系统内部,难以有效检测恶意软件,特别是内核级恶意软件的隐藏行为.针对现有方法中存在的不足,提出了基于虚拟机监控器(virtual machine monitor,简称VMM)的操作系统隐藏对象关联检测方法,并设计和实现了相应的检测系统vDetector.采用隐式和显式相结合的方式建立操作系统对象的多个视图,通过对比多视图间的差异性来识别隐藏对象,支持对进程、文件及网络连接这3种隐藏对象的检测,并基于操作系统语义建立隐藏对象间的关联关系以识别完整攻击路径.在KVM虚拟化平台上实现了vDetector的系统原型,并通过实验评测vDetector的有效性和性能.结果表明,vDetector能够有效检测出客户操作系统(guest OS)中的隐藏对象,且性能开销在合理范围内.     

The architecture of virtual machines

A virtual machine can support individual processes or a complete system depending on the abstraction level where virtualization occurs. Some VMs support flexible hardware usage and software isolation, while others translate from one instruction set to another. Virtualizing a system or component -such as a processor, memory, or an I/O device - at a given abstraction level maps its interface and visible resources onto the interface and resources of an underlying, possibly different, real system. Consequently, the real system appears as a different virtual system or even as multiple virtual systems. Interjecting virtualizing software between abstraction layers near the HW/SW interface forms a virtual machine that allows otherwise incompatible subsystems to work together. Further, replication by virtualization enables more flexible and efficient and efficient use of hardware resources.