| 系统虚拟化环境下客户机系统调用信息捕获与分析 |
| |
| 引用本文: | 宁强,崔超远,李勇钢.系统虚拟化环境下客户机系统调用信息捕获与分析[J].计算机系统应用,2019,28(3):73-79. |
| |
| 作者姓名: | 宁强 崔超远 李勇钢 |
| |
| 作者单位: | 中国科学院合肥物质科学研究院智能机械研究所,合肥230031;中国科学技术大学,合肥230026;中国科学院合肥物质科学研究院智能机械研究所,合肥,230031 |
| |
| 摘 要: | 针对当前方法无法对系统调用参数和返回值等信息进行捕获和分析的问题,在Nitro的基础上建立了一个实时监视客户机内系统调用的系统.该系统通过修改硬件规范和指令重写,实现对快速系统调用进入和退出指令的捕捉和分析.之后,结合VCPU的上下文信息和系统调用的语义模板解析各参数;捕获到系统调用退出指令后,则根据VCPU寄存器信息解析返回值.实验证明,与同类捕获系统调用的方法相比,该系统可以实时捕获客户机内的系统调用序列,解析得到完整的系统调用信息,包括系统调用名、系统调用号、参数和返回值.该系统还能区分不同进程产生的系统调用,并在宿主机中引入了不超过15%的性能开销.
|
| 关 键 词: | 系统调用序列 系统调用参数 系统调用返回值 KVM 指令重写 |
| 收稿时间: | 2018/9/5 0:00:00 |
| 修稿时间: | 2018/9/27 0:00:00 |
Capture and Analysis of Guest System Calls' Information in System Virtualization Environment |
| |
| NING Qiang,CUI Chao-Yuan and LI Yong-Gang.Capture and Analysis of Guest System Calls' Information in System Virtualization Environment[J].Computer Systems& Applications,2019,28(3):73-79. |
| |
| Authors: | NING Qiang CUI Chao-Yuan and LI Yong-Gang |
| |
| Affiliation: | Institute of Intelligent Machines, Hefei Institutes of Physical Science, Chinese Academy of Sciences, Hefei 230031, China;University of Science and Technology of China, Hefei 230026, China,Institute of Intelligent Machines, Hefei Institutes of Physical Science, Chinese Academy of Sciences, Hefei 230031, China and Institute of Intelligent Machines, Hefei Institutes of Physical Science, Chinese Academy of Sciences, Hefei 230031, China;University of Science and Technology of China, Hefei 230026, China |
| |
| Abstract: | For the problem that current methods unable to capture and analyze the system call parameters and return values, a system for real-time monitoring of system calls in the guest was established based on Nitro. The system capture and analyze fast system call entry and exit instructions by modifying hardware specifications and rewriting instructions. After capturing the system call entry instruction, the parameters are parsed according to the context information of the VCPU and the semantic template of the system call; after the system call exit instruction is captured, the return value is parsed according to the VCPU register information. Compared with the similar capture system call method, experiments show that the system can capture the system call sequence in the guest in real time, and obtain complete system call information including system call name, system call number, parameters, and return value. The system can also distinguish between system calls generated by different processes and brings no more than 15% performance overhead to the host. |
| |
| Keywords: | system call sequence system call parameters system call return value KVM instruction rewriting |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机系统应用》浏览原始摘要信息 |
|
点击此处可从《计算机系统应用》下载全文 |
|
