Cargando…
Towards Hypervisor Support for Enhancing the Performance of Virtual Machine Introspection
Virtual machine introspection (VMI) is the process of external monitoring of virtual machines. Previous work has demonstrated that VMI can contribute to the security of cloud environments and distributed systems, as it enables, for example, stealthy intrusion detection. One of the biggest challenges...
| Autores principales: | , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
2020
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7276251/ http://dx.doi.org/10.1007/978-3-030-50323-9_3 |
| _version_ | 1783542923024924672 |
|---|---|
| author | Taubmann, Benjamin Reiser, Hans P. |
| author_facet | Taubmann, Benjamin Reiser, Hans P. |
| author_sort | Taubmann, Benjamin |
| collection | PubMed |
| description | Virtual machine introspection (VMI) is the process of external monitoring of virtual machines. Previous work has demonstrated that VMI can contribute to the security of cloud environments and distributed systems, as it enables, for example, stealthy intrusion detection. One of the biggest challenges for applying VMI in production environments is the performance overhead that certain tracing operations impose on the monitored virtual machine. In this paper, we show how this performance overhead can be significantly minimized by incorporating minor extensions for VMI operations into the hypervisor. In a proof-of-concept implementation, we demonstrate that the pre-processing of VMI events in the Xen hypervisor reduces the monitoring overhead for the use case of VMI-based process-bound monitoring by a factor of 18. |
| format | Online Article Text |
| id | pubmed-7276251 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2020 |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-72762512020-06-08 Towards Hypervisor Support for Enhancing the Performance of Virtual Machine Introspection Taubmann, Benjamin Reiser, Hans P. Distributed Applications and Interoperable Systems Article Virtual machine introspection (VMI) is the process of external monitoring of virtual machines. Previous work has demonstrated that VMI can contribute to the security of cloud environments and distributed systems, as it enables, for example, stealthy intrusion detection. One of the biggest challenges for applying VMI in production environments is the performance overhead that certain tracing operations impose on the monitored virtual machine. In this paper, we show how this performance overhead can be significantly minimized by incorporating minor extensions for VMI operations into the hypervisor. In a proof-of-concept implementation, we demonstrate that the pre-processing of VMI events in the Xen hypervisor reduces the monitoring overhead for the use case of VMI-based process-bound monitoring by a factor of 18. 2020-05-15 /pmc/articles/PMC7276251/ http://dx.doi.org/10.1007/978-3-030-50323-9_3 Text en © IFIP International Federation for Information Processing 2020 This article is made available via the PMC Open Access Subset for unrestricted research re-use and secondary analysis in any form or by any means with acknowledgement of the original source. These permissions are granted for the duration of the World Health Organization (WHO) declaration of COVID-19 as a global pandemic. |
| spellingShingle | Article Taubmann, Benjamin Reiser, Hans P. Towards Hypervisor Support for Enhancing the Performance of Virtual Machine Introspection |
| title | Towards Hypervisor Support for Enhancing the Performance of Virtual Machine Introspection |
| title_full | Towards Hypervisor Support for Enhancing the Performance of Virtual Machine Introspection |
| title_fullStr | Towards Hypervisor Support for Enhancing the Performance of Virtual Machine Introspection |
| title_full_unstemmed | Towards Hypervisor Support for Enhancing the Performance of Virtual Machine Introspection |
| title_short | Towards Hypervisor Support for Enhancing the Performance of Virtual Machine Introspection |
| title_sort | towards hypervisor support for enhancing the performance of virtual machine introspection |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7276251/ http://dx.doi.org/10.1007/978-3-030-50323-9_3 |
| work_keys_str_mv | AT taubmannbenjamin towardshypervisorsupportforenhancingtheperformanceofvirtualmachineintrospection AT reiserhansp towardshypervisorsupportforenhancingtheperformanceofvirtualmachineintrospection |