SAVM: A practical secure external approach for automated in‐VM management
Author(s) - Zhan Dongyang, Ye Lin, Fang Binxing, Zhang Hongli
Publication year - 2018
Publication title - Concurrency and Computation: Practice and Experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.309
H-Index - 67
eISSN - 1532-0634
pISSN - 1532-0626
DOI - 10.1002/cpe.4482
Subject(s) - computer science, cloud computing, hypervisor, rootkit, semantic gap, operating system, process (computing), virtual machine, computer security, virtualization, malware, image retrieval, artificial intelligence, image (mathematics)
Summary - Cloud service providers usually need in‐VM management for cloud management, which includes monitoring the running state of in‐VM applications, reconfiguring VM system settings, etc. In‐VM management is also very useful in green cloud computing, because it provides in‐VM monitoring, VM reconfiguration, performance measurement, etc. Using a shell or an in‐VM agent to manage VMs faces generality and security challenges. In this paper, we propose a secure automated in‐VM management approach, i.e., SAVM, which acts like a hypervisor‐based shell that manages the VMs in an out‐of‐box way. To bridge the semantic gap, we reuse the target VM's system calls to process the semantic information automatically. More importantly, we introduce a secure instruction fetch approach to enhance the system security. As a result, SAVM does not rely on the target VM's kernel integrity. In addition, we present a dummy process selection method and a system call injection method to further enhance the system security and transparency. We implement a prototype and evaluate it. The experimental results show that SAVM can achieve most of the in‐VM management operations. Furthermore, SAVM works correctly even when the target VM has been attacked by several popular rootkits.