 |
English
|
正體中文
|
简体中文
|
Post-Print筆數 : 27 |
Items with full text/Total items : 113311/144292 (79%)
Visitors : 50932206
Online Users : 955
|
|
|
Loading...
|
Please use this identifier to cite or link to this item:
https://nccur.lib.nccu.edu.tw/handle/140.119/129971
|
| Title: | Hardware-Assisted MMU Redirection for In-guest Monitoring and API Profiling |
| Authors: | 蕭舜文
Hsiao, Shun-Wen
孫雅麗
陳孟彰 |
| Contributors: | 資管系 |
| Date: | 2020-01 |
| Issue Date: | 2020-05-27 |
| Abstract: | With the advance of hardware, network, and virtualization technologies, cloud computing has prevailed and become the target of security threats such as the cross virtual machine (VM) side channel attack, with which malicious users exploit vulnerabilities to gain information or access to other guest virtual machines. Among the many virtualization technologies, the hypervisor manages the shared resource pool to ensure that the guest VMs can be properly served and isolated from each other. However, while managing the shared hardware resources, due to the presence of the virtualization layer and different CPU modes (root and non-root mode), when a CPU is switched to non-root mode and is occupied by a guest machine, a hypervisor cannot intervene with a guest at runtime. Thus, the execution status of a guest is like a black box to a hypervisor, and the hypervisor cannot mediate possible malicious behavior at runtime. To rectify this, we propose a hardware-assisted VMI (virtual machine introspection) based in-guest process monitoring mechanism which supports monitoring and management applications such as process profiling. The mechanism allows hooks placed within a target process (which the security expert selects to monitor and profile) of a guest virtual machine and handles hook invocations via the hypervisor. In order to facilitate the needed monitoring and/or management operations in the guest machine, the mechanism redirects access to in-guest memory space to a controlled, self-defined memory within the hypervisor by modifying the extended page table (EPT) to minimize guest and host machine switches. The advantages of the proposed mechanism include transparency, high performance, and comprehensive semantics. To demonstrate the capability of the proposed mechanism, we develop an API profiling system (APIf) to record the API invocations of the target process. The experimental results show an average performance degradation of about 2.32%, far better than existing simila... |
| Relation: | IEEE Transactions on Information Forensics and Security |
| Data Type: | article |
| DOI 連結: | http://doi.org/10.1109/TIFS.2020.2969514 |
| DOI: | 10.1109/TIFS.2020.2969514 |
| Appears in Collections: | [資訊管理學系] 期刊論文
|
Files in This Item:
| File |
Description |
Size | Format | |
|---|
| 426.pdf | | 3212Kb | Adobe PDF2 | 281 | View/Open |
|
All items in 政大典藏 are protected by copyright, with all rights reserved.
|
著作權政策宣告 Copyright Announcement1.本網站之數位內容為國立政治大學所收錄之機構典藏,無償提供學術研究與公眾教育等公益性使用,惟仍請適度,合理使用本網站之內容,以尊重著作權人之權益。商業上之利用,則請先取得著作權人之授權。
The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.
2.本網站之製作,已盡力防止侵害著作權人之權益,如仍發現本網站之數位內容有侵害著作權人權益情事者,請權利人通知本網站維護人員(
nccur@nccu.edu.tw),維護人員將立即採取移除該數位著作等補救措施。
NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(
nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.
