COW-IMM: A Novel Integrity Measurement Method Based on Copy-on-Write for File in Virtual Machine

The integrity measurement method is used to detect whether the files are tampered with and to build a trusted environment. It can improve the security of virtual machines using base and increment image. Currently, the traditional integrity measurement methods (MDA-IMM) are based on the message digest algorithm with high computational complexity and heavy data. As a result, the MDA-IMM consumes a lot of I/O resources and spends too much time. To address those issues, we propose a novel method (COW-IMM) based on copy-on-write for the files in base image, the precondition is that, there is oneto-one correspondence between the cluster of image and the logic block of file system, and both of them have the same size. The COW-IMM gets the information of files for integrity measurement from base image and measures the integrity of files in increment image. We implement a prototype based on KVM, Qcow2 image, and Ext4. The algorithm analysis shows that, the volume of data used by COW-IMM is 512 times smaller than that used by MDA-IMM at least, if the file size is the same. The experimental evaluations show that, the speed of COW-IMM is faster and faster than that of MDA-IMM with the increment of file size. For example, when the file size is 0.1M, the speed of COW-IMM is about 10 times faster than that of MDA-IMM; when the file size is 90M, the speed of COW-IMM is about 592 times faster than that of MDA-IMM.