System Integrity Monitoring System using Kernel-based Virtual Machine

Hyun Woo Nam; Neung Soo Park

System Integrity Monitoring System using Kernel-based Virtual Machine

Hyun Woo Nam

Neung Soo Park

The KIPS Transactions:PartC, Vol. 18, No. 3, pp. 157-166, Jun. 2011

10.3745/KIPSTC.2011.18.3.157, PDF Download:

Abstract

The virtualization layer is executed in higher authority layer than kernel layer and suitable for monitoring operating systems. However, existing virtualization monitoring systems provide simple information about the usage rate of CPU or memory. In this paper, the monitoring system using full virtualization technique is proposed, which can monitor virtual machine`s dynamic kernel object as memory, register, GDT, IDT and system call table. To verify the monitoring system, the proposed system was implemented based on KVM(Kernel-based Virtual Machine) with full virtualization that is directly applied to linux kernel without any modification. The proposed system consists of KvmAccess module to access KVM`s internal object and API to provide other external modules with monitoring result. In experiments, the CPU utilization for monitoring operations in the proposed monitering system is 0.35% when the system is monitored with 1-second period. The proposed monitoring system has a little performance degradation.

Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from September 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.

Cite this article

[IEEE Style]

H. W. Nam and N. S. Park, "System Integrity Monitoring System using Kernel-based Virtual Machine," The KIPS Transactions:PartC, vol. 18, no. 3, pp. 157-166, 2011. DOI: 10.3745/KIPSTC.2011.18.3.157.

[ACM Style]

Hyun Woo Nam and Neung Soo Park. 2011. System Integrity Monitoring System using Kernel-based Virtual Machine. The KIPS Transactions:PartC, 18, 3, (2011), 157-166. DOI: 10.3745/KIPSTC.2011.18.3.157.