Page 321 - Journal of Software, 2021, Issue 10
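Journal of Software ISSN 1000-9825, CODEN RUXUEW E-mail: jos@iscas.ac.cn
Journal of Software, 2021,32(10):3293-3309 [doi: 10.13328/j.cnki.jos.006022] http://www.jos.org.cn
© Institute of Software, Chinese Academy of Sciences. All rights reserved. Tel: +86-10-62562563
VMOffset: A Semantic Reconstruction Improvement Method in Virtual Machine Introspection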
2,3
1,2
1,2
1,2
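CHEN Xing-Shu, CAI Meng-Juan, WANG Wei, WANG Qi-Xu, JIN Xin 2,3
1 (School of Cyber Science and Engineering, Sichuan University, Chengdu, Sichuan 610207)
2 (Cyber Science Research Institute, Sichuan University, Chengdu, Sichuan 610207)
3 (College of Computer Science, Sichuan University, Chengdu, Sichuan 610065)
Corresponding author: CHEN Xing-Shu, E-mail: chenxsh@scu.edu.cn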
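Abstract: Virtual machine introspection is a method for obtaining information about a target virtual machine from outside it and for monitoring and analyzing its running state. To address the poor portability and low efficiency of existing virtual machine introspection methods during semantic reconstruction, an improved semantic reconstruction method, VMOffset, is proposed. The method formulates constraints based on the intrinsic properties of the members of the process structure and can automatically obtain the offsets of the key members of the process structure without knowing the kernel version of the target virtual machine; the resulting offsets can be supplied to open source or self-developed virtual machine introspection tools to complete semantic reconstruction. A VMOffset prototype system was implemented on the KVM (kernel-based virtual machine) virtualization platform, and the effectiveness and performance of VMOffset were analyzed experimentally using virtual machines running operating systems with different kernel versions. The results show that VMOffset automatically completes the reconstruction of process-level semantics in each target virtual machine, is portable and secure, and introduces a performance overhead of no more than 0.05%, and only during the boot phase of the target virtual machine.
Key words: virtual machine introspection; semantic reconstruction; offset; virtual machine monitor; portability
Chinese Library Classification number: TP303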
Citation format (Chinese): CHEN Xing-Shu, CAI Meng-Juan, WANG Wei, WANG Qi-Xu, JIN Xin. VMOffset: A semantic reconstruction improvement method in virtual machine introspection. Journal of Software, 2021,32(10):3293-3309. http://www.jos.org.cn/1000-9825/6022.htm
Citation format (English): Chen XS, Cai MJ, Wang W, Wang QX, Jin X. VMOffset: Semantic reconstruction improvement method in virtual machine introspection. Ruan Jian Xue Bao/Journal of Software, 2021,32(10):3293-3309 (in Chinese). http://www.jos.org.cn/1000-9825/6022.htm
VMOffset: Semantic Reconstruction Improvement Method in Virtual Machine Introspection
1,2
1,2
2,3
1,2
CHEN Xing-Shu, CAI Meng-Juan, WANG Wei, WANG Qi-Xu, JIN Xin 2,3
1 (School of Cyber Science and Engineering, Sichuan University, Chengdu 610207, China)
2 (Cyber Science Research Institute, Sichuan University, Chengdu 610207, China)
3 (College of Computer Science, Sichuan University, Chengdu 610065, China)
Abstract: Virtual machine introspection is a method for acquiring information about a target virtual machine and for monitoring and
analyzing its running status from outside that virtual machine. To address the poor portability and low efficiency of
semantic reconstruction in existing virtual machine introspection methods, a semantic reconstruction improvement method is proposed in
this study. In this method, constraints are defined based on the characteristics of the process structure members, and the offsets of
the key members of the process structure are obtained automatically without knowing the kernel version of the target virtual machine; the
resulting offsets can be provided to open source or self-developed virtual machine introspection tools to complete
semantic reconstruction. The VMOffset prototype system is implemented on the KVM (kernel-based virtual machine) virtualization
platform, and the effectiveness and performance of VMOffset are experimentally analyzed based on virtual machines of different kernel
Foundation item: National Natural Science Foundation of China (U19A2081, 61802270); Transformational Technology Int'l
Research platform for National Dual Innovation Base (C700011); Key Research Projects in Sichuan (2018G20100)
Received: 2018-12-01; Revised: 2019-07-04; Accepted: 2020-01-02
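
The abstract describes recovering the offsets of key process-structure members from constraints on the members' own properties, without knowing the guest kernel version. The sketch below is an added illustration of that idea and is not code from the paper or the VMOffset prototype. It assumes a known `init_task` address, a little-endian 64-bit guest, a constructed memory image, and three hypothetical constraints (a self-consistent `tasks` ring, a unique `pid` that is 0 for `init_task`, and a NUL-padded 16-byte `comm` starting with `swapper`); the paper's actual constraints are not given on this page.

```python
import struct

TASK_SIZE, BASE = 256, 0xFFFF888000100000  # constructed guest layout (assumption)
PROCS = [(0, b"swapper/0"), (1, b"systemd"), (2, b"kthreadd"), (731, b"sshd")]

def build_guest(off_tasks, off_pid, off_comm):
    """Constructed sample: a ring of fake task_structs laid out at the given offsets."""
    mem, n = bytearray(b"\xaa" * TASK_SIZE * len(PROCS)), len(PROCS)
    link = lambda j: BASE + (j % n) * TASK_SIZE + off_tasks
    for i, (pid, comm) in enumerate(PROCS):
        t = i * TASK_SIZE
        struct.pack_into("<QQ", mem, t + off_tasks, link(i + 1), link(i - 1))
        struct.pack_into("<i", mem, t + off_pid, pid)
        mem[t + off_comm:t + off_comm + 16] = comm.ljust(16, b"\0")
    return bytes(mem)

def read(mem, va, fmt):
    """Unpack `fmt` at guest virtual address `va`; None if outside the dump."""
    off, size = va - BASE, struct.calcsize(fmt)
    return struct.unpack_from(fmt, mem, off) if 0 <= off <= len(mem) - size else None

def ring(mem, init_task, off):
    """Constraint 1: the list_head at `off` closes a ring with next->prev == self."""
    cur, tasks = init_task + off, []
    for _ in range(4096):                       # bound the walk on corrupt memory
        ptrs = read(mem, cur, "<QQ")
        nxt = read(mem, ptrs[0], "<QQ") if ptrs else None
        if nxt is None or nxt[1] != cur:
            return None
        tasks.append(cur - off)                 # list_head address -> task base
        cur = ptrs[0]
        if cur == init_task + off:
            return tasks if len(tasks) > 1 else None

def is_comm(raw):
    """Constraint 3: printable name, NUL-terminated and NUL-padded to 16 bytes."""
    name, nul, pad = raw.partition(b"\0")
    return bool(name and nul) and all(32 <= c < 127 for c in name) and not pad.strip(b"\0")

def infer_offsets(mem, init_task=BASE):
    """Recover tasks/pid/comm offsets; constraint 2: pid is 0 in init_task and unique."""
    hits = ((o, r) for o in range(0, TASK_SIZE - 15, 8) if (r := ring(mem, init_task, o)))
    tasks_off, tasks = next(hits, (None, []))
    col = lambda o, fmt: [read(mem, t + o, fmt)[0] for t in tasks]
    pid = next((o for o in range(0, TASK_SIZE - 3, 4) if tasks and (p := col(o, "<i"))[0] == 0
                and min(p) >= 0 and len(set(p)) == len(p)), None)
    comm = next((o for o in range(TASK_SIZE - 15) if tasks
                 and (c := col(o, "16s"))[0].startswith(b"swapper") and all(map(is_comm, c))), None)
    return {"tasks": tasks_off, "pid": pid, "comm": comm}
```

Calling `infer_offsets(build_guest(0x58, 0x74, 0xB0))` and then the same function on an image built with different offsets returns each layout's own values, which is the portability property the abstract claims; the uniqueness check on `pid` is what rejects the zero padding inside `comm`.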