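VMSPY: An Automated Scheme for Intercepting and Controlling Guest System Functions in Virtual Machines
Published: 2018-06-28 08:01
Topic of this article: virtualization + function interception; Reference: Chinese Journal of Computers, 2017, Issue 02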
[Abstract]: Ensuring that the guest systems of virtual machines on cloud platforms run securely is a current research hotspot, and methods for intercepting and controlling guest system functions are among the key techniques for monitoring guest systems. The function interception and control methods used in existing security monitoring schemes based on operating system kernel interfaces, and in virtual machine introspection schemes based on virtualization, can meet the needs of security monitoring, but they still have shortcomings: the interception can easily be bypassed; system call interception is limited to a single approach and cannot intercept functions inside guest applications; the execution flow of functions cannot be controlled; and the security mechanism introduces considerable additional performance overhead. This paper proposes VMSPY, an automated, virtualization-based scheme for intercepting and controlling guest system functions. The authors implement the module's main functionality in the VMM. A disassembly engine automatically analyzes guest system code, and specially designed privileged instruction sequences are dynamically generated and inserted at suitable locations. This intercepts system calls of the guest operating system and intercepts application-internal functions without being affected by address randomization. The VMM automatically emulates, according to policy, the instruction sequences of the intercepted functions, which provides execution-flow control over guest system call functions and application functions. A memory page permission mechanism protects the privileged instruction sequences inserted into the guest system and prevents the guest system from affecting the monitoring module. A caching mechanism reduces the additional performance overhead as far as possible.
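[Author affiliations]: State Key Laboratory for Novel Software Technology, Nanjing University; Department of Computer Science and Technology, Nanjing University
[Funding]: Supported by the major project fund of the National High Technology Research and Development Program of China ("863" Program) (2011AA01A202) and the National Natural Science Foundation of China (61321491)
[Classification number]: TP309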
Article ID: 2077298
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/2077298.html