Information transfer model of virtual machine based on storage covert channel |
| |
Authors: | WANG Xiaorui WANG Qingxian GUO Yudong LU Jianping |
| |
Institution: | 1. Fourth Department, PLA Information Engineering University,Zhengzhou 450002, Henan, China 2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002, Henan, China 3. Department of Communication Command, Chongqing Communication Institute, Chongqing 400035, China |
| |
Abstract: | Aiming at the problem that virtual machine information cannot be extracted incompletely, we extend the typical information extraction model of virtual machine and propose a perception mechanism in virtualization system based on storage covert channel to overcome the affection of the semantic gap. Taking advantage of undetectability of the covert channel, a secure channel is established between Guest and virtual machine monitor to pass data directly. The Guest machine can pass the control information of malicious process to virtual machine monitor by using the VMCALL instruction and shared memory. By parsing critical information in process control structure, virtual machine monitor can terminate the malicious processes. The test results show that the proposed mechanism can clear the user-level malicious programs in the virtual machine effectively and covertly. Meanwhile, its performance overhead is about the same as that of other mainstream monitoring mode. |
| |
Keywords: | virtualization safety protection information extraction of virtual machine covert channel process control structure |
本文献已被 CNKI 万方数据 SpringerLink 等数据库收录! |
|