Semantic reconstruction based on analysis of system call on Xen


Zhong Yi¹, Li Shuying², Dong Shengjie¹, Xu Jian¹, Zhang Hong¹
1. School of Computer Science and Engineering, NUST, Nanjing 210094, China; 2. Information and Electronic Department, Shangqiu Institute of Technology, Shangqiu 476000, China
Keywords: virtualization; semantic gap; system calls
Because virtual machine introspection (VMI), used to bridge the semantic gap, cannot obtain adequate information about guest virtual machines, a method of semantic reconstruction based on system calls on Xen is designed and implemented to eliminate the semantic gap and obtain detailed information about the operation of the virtual machine. The method intercepts system calls at the virtual machine monitor layer to obtain the low-level semantics of the guest virtual machine, reconstructs the high-level semantics, and eliminates the semantic gap. Experimental results show that the method can eliminate the semantic gap and keep the performance overhead within 4%.




Last Update: 2015-04-30