SAVM: A practical secure external approach for automated in‐VM management

Zhan, Dongyang; Ye, Lin; Fang, Binxing; Zhang, Hongli

doi:10.1002/cpe.4482

Cited by 3 publications

(2 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By converting a process within the target VM to a dummy process, ShadowContext leverages the dummy process to invoke some system calls to narrow the semantic gap automatically. SAVM [20] and HyperShell [21] are some in-VM management tools, which also leverage the system call reuse technology.…”

Section: Related Workmentioning

confidence: 99%

A Low-Overhead Kernel Object Monitoring Approach for Virtual Machine Introspection

Zhan

et al. 2019

ICC 2019 - 2019 IEEE International Conference on Communications (ICC)

Self Cite

View full text Add to dashboard Cite

Monitoring kernel object modification of virtual machine is widely used by virtual-machine-introspection-based security monitors to protect virtual machines in cloud computing, such as monitoring dentry objects to intercept file operations, etc. However, most of the current virtual machine monitors, such as KVM and Xen, only support page-level monitoring, because the Intel EPT technology can only monitor page privilege. If the out-of-virtual-machine security tools want to monitor some kernel objects, they need to intercept the operation of the whole memory page. Since there are some other objects stored in the monitored pages, the modification of them will also trigger the monitor. Therefore, page-level memory monitor usually introduces overhead to related kernel services of the target virtual machine. In this paper, we propose a low-overhead kernel object monitoring approach to reduce the overhead caused by page-level monitor. The core idea is to migrate the target kernel objects to a protected memory area and then to monitor the corresponding new memory pages. Since the new pages only contain the kernel objects to be monitored, other kernel objects will not trigger our monitor. Therefore, our monitor will not introduce runtime overhead to the related kernel service. The experimental results show that our system can monitor target kernel objects effectively only with very low overhead.

show abstract

Section: Related Workmentioning

confidence: 99%

A Low-Overhead Kernel Object Monitoring Approach for Virtual Machine Introspection

Zhan

et al. 2019

ICC 2019 - 2019 IEEE International Conference on Communications (ICC)

Self Cite

View full text Add to dashboard Cite

show abstract

“…This issue would be incomplete without in‐VM management and it is very useful in green cloud computing because it provides the abilities of in‐VM monitoring, VM reconfiguration, and performance measurement. Zhan et al propose a secure automated in‐VM management approach, a hypervisor‐based shell managing the VMs in an out‐of‐box way. In addition, it presents a dummy process selection and a system call injection method to further enhance the system security and transparency.…”

Section: Introductionmentioning

confidence: 99%

Foreword to the special issue of green cloud computing: Methodology and practice

Zheng

Rong²,

Badarch

2019

Concurrency and Computation

View full text Add to dashboard Cite

A Low-overhead Kernel Object Monitoring Approach for Virtual Machine Introspection

Zhan

et al. 2019

Preprint

View full text Add to dashboard Cite

SAVM: A practical secure external approach for automated in‐VM management

Cited by 3 publications

References 17 publications

A Low-Overhead Kernel Object Monitoring Approach for Virtual Machine Introspection

A Low-Overhead Kernel Object Monitoring Approach for Virtual Machine Introspection

Foreword to the special issue of green cloud computing: Methodology and practice

A Low-overhead Kernel Object Monitoring Approach for Virtual Machine Introspection

Contact Info

Product

Resources

About