随着虚拟化广泛应用于如云计算等各种领域,渐渐成为各种恶意攻击的目标.虚拟机的运行时安全是重中之重.针对此问题,提出一种适用于虚拟化环境下的监测方法,并且在Xen中实现虚拟机的一个安全监测原型系统.通过这个系统,特权虚拟机可以对同一台物理机器上的大量客户虚拟机进行动态、可定制的监控.特别地,本系统对于潜伏在操作系统内核中的rootkit的检测十分有效.这种安全监测方法能有效提高客户虚拟机以及整个虚拟机系统的安全性.%As visualisation is widely applied to various fields such as cloud computing, it gradually becomes a target that various malicious attacks aim at. The runtime security of virtual machines is of the most importance. Aiming at this problem, a monitoring scheme suitable for virtualized environments is proposed. Moreover a security monitoring prototype system of a virtual machine is implemented in Xen. With this scheme, a privileged virtual machine can execute dynamic and customized monitoring upon the massive client virtual machines hosted in a same physical machine. Particularly, this system is very effective at detecting rootkits inside OS kernels. The security monitoring scheme can effectively increase the security not only of client virtual machines but also of the whole VM system.
展开▼
