VMOffset:虚拟机自省中一种语义重构改进方法

虚拟机自省是一种在虚拟机外部获取目标虚拟机信息，并对其运行状态进行监控分析的方法.针对现有虚拟机自省方法在语义重构过程中存在的可移植性差、效率较低的问题，提出了一种语义重构改进方法VMOffset.该方法基于进程结构体成员自身属性制定约束条件，可在不知道目标虚拟机内核版本的情况下，自动获取其进程结构体关键成员偏移量，所得偏移量可提供给开源或自主研发的虚拟机自省工具完成语义重构.在KVM（kernel-based virtual machine）虚拟化平台上实现了VMOffset原型系统，并基于不同内核版本操作系统的虚拟机，对VMOffset的有效性及性能进行实验分析.结果表明：VMOffset可自动完成各目标虚拟机中进程级语义的重构过程，具有可移植性与安全性，且仅对目标虚拟机的启动阶段引入0.05%之内的性能损耗.

VMOffset: Semantic Reconstruction Improvement Method in Virtual Machine Introspection

Virtual machine introspection is a method to acquire the information of the target virtual machine, and monitor as well as analyze its running status outside the target virtual machine. Aiming at the problem of poor portability and low efficiency in the process of semantic reconstruction of existing virtual machine introspection method, a sematic reconstruction improvement method is proposed in this study. In this method, constraint conditions are made based on the characteristics of the process structure members, and the offsets of the process structure key members are automatically obtained without knowing the kernel version of the target virtual machine, and the resulting offsets can be provided to the open source or self-developed virtual machine introspection tools to complete the process of semantic reconstruction. The VMOffset prototype system is implemented on the KVM (kernel-based virtual machine) virtualization platform, and the effectiveness and performance of VMOffset are experimentally analyzed based on virtual machines of different kernel version operating systems. The results show that VMOffset can automatically complete the process-level semantic reconstruction process of each target virtual machine, and only introduces the performance loss within 0.05% in the startup phase of the target virtual machine.