| 虚拟机自省技术研究与应用进展 |
| |
| 引用本文: | 李保珲,徐克付,张鹏,郭莉,胡玥,方滨兴. 虚拟机自省技术研究与应用进展[J]. 软件学报, 2016, 27(6): 1384-1401 |
| |
| 作者姓名: | 李保珲 徐克付 张鹏 郭莉 胡玥 方滨兴 |
| |
| 作者单位: | 北京邮电大学 计算机学院,北京 100876;中国科学院信息工程研究所,北京 100093;信息内容安全技术国家工程实验室,北京 100093,中国科学院信息工程研究所,北京 100093;信息内容安全技术国家工程实验室,北京 100093,中国科学院信息工程研究所,北京 100093;信息内容安全技术国家工程实验室,北京 100093,中国科学院信息工程研究所,北京 100093;信息内容安全技术国家工程实验室,北京 100093,中国科学院信息工程研究所,北京 100093;信息内容安全技术国家工程实验室,北京 100093,北京邮电大学 计算机学院,北京 100876;中国科学院信息工程研究所,北京 100093;信息内容安全技术国家工程实验室,北京 100093 |
| |
| 基金项目: | 国家自然科学基金(61402464);国家高技术研究发展计划(863)(2015AA016005) |
| |
| 摘 要: | 虚拟机自省技术是备受学术界和工业界关注的安全方法,在入侵检测、内核完整性保护等多方面发挥了重要作用.该技术在实现过程中面临的一个核心难题是底层状态数据与所需高层语义之间的“语义鸿沟”,该难题限制了虚拟机自省技术的发展与广泛应用.为此,本文基于语义重构方式的不同将现有的虚拟机自省技术分为四类,并针对每一类自省技术中的关键问题及其相关工作进行了梳理;然后,在安全性、性能及可获取的高层语义信息量等方面对这四类方法进行了比较分析,结果显示不同方法在指定比较维度上均有较大波动范围,安全研究人员需综合考虑四类方法的特点设计满足自身需求的虚拟机自省方案.最后,本文详细介绍了虚拟机自省技术在安全领域的应用情况,并指出了该技术在安全性、实用性及透明性等方面需深入研究的若干问题.
|
| 关 键 词: | 虚拟机自省 语义鸿沟 软件结构知识 硬件架构知识 安全应用 |
| 收稿时间: | 2015-08-15 |
| 修稿时间: | 2015-10-09 |
Research and Application Progress of Virtual Machine Introspection Technology |
| |
| LI Bao-Hui,XU Ke-Fu,ZHANG Peng,GUO Li,HU Yue and FANG Bin-Xing. Research and Application Progress of Virtual Machine Introspection Technology[J]. Journal of Software, 2016, 27(6): 1384-1401 |
| |
| Authors: | LI Bao-Hui XU Ke-Fu ZHANG Peng GUO Li HU Yue FANG Bin-Xing |
| |
| Affiliation: | School of Computer Science, Beijing University of Posts and Telecommunication, Beijing 100876, China;Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100093, China;National Engineering Laboratory for Information Security Technology, Beijing 100093, China,Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100093, China;National Engineering Laboratory for Information Security Technology, Beijing 100093, China,Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100093, China;National Engineering Laboratory for Information Security Technology, Beijing 100093, China,Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100093, China;National Engineering Laboratory for Information Security Technology, Beijing 100093, China,Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100093, China;National Engineering Laboratory for Information Security Technology, Beijing 100093, China and School of Computer Science, Beijing University of Posts and Telecommunication, Beijing 100876, China;Institute of Information Engineering, The Chinese Academy of Sciences, Beijing 100093, China;National Engineering Laboratory for Information Security Technology, Beijing 100093, China |
| |
| Abstract: | Virtual machine introspection (VMI) has received much attention from both academic and industrial community, and plays an important role in intrusion detection, kernel integrity protection and many other areas. However, the semantic gap has greatly limited the development of this technology. In this respect, this paper divides existing VMI technologies into four categories based on the methods of semantic reconstruction, followed by the problems and their corresponding researches. Analysis results reveal the difficulties in meeting all the requirements. The paper therefore details the relevant applied research in security based on VMI. Finally, it presents the future research directions that need in-depth study, such as VMI''s security, availability and transparency. |
| |
| Keywords: | virtual machine introspection semantic gap knowledge of software structure knowledge of hardware architecture security applications |
|
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
