摘要
虚拟机自省技术是备受学术界和工业界关注的安全方法,在入侵检测、内核完整性保护等多方面发挥了重要作用.该技术在实现过程中面临的核心难题之一是底层状态数据与所需高层语义之间的语义鸿沟,该难题限制了虚拟机自省技术的发展与广泛应用.为此,基于语义重构方式的不同将现有的虚拟机自省技术分为4类,并针对每一类自省技术中的关键问题及其相关工作进行了梳理;然后,在安全性、性能及可获取的高层语义信息量等方面对这4类方法进行了比较分析,结果显示,不同方法在指定比较维度上均有较大波动范围,安全研究人员需综合考虑4类方法的特点设计满足自身需求的虚拟机自省方案.最后,详细介绍了虚拟机自省技术在安全领域的应用情况,并指出了该技术在安全性、实用性及透明性等方面需深入研究的若干问题.
Virtual machine introspection(VMI) has received much attention from both academic and industrial community, and plays an important role in intrusion detection, kernel integrity protection and many other areas. However, the semantic gap has greatly limited the development of this technology. In this respect, this paper divides existing VMI technologies into four categories based on the methods of semantic reconstruction, followed by the problems and their corresponding researches. Analysis results reveal the difficulties in meeting all the requirements. The paper therefore details the relevant applied research in security based on VMI. Finally, it presents the future research directions that need in-depth study, such as VMI's security, availability and transparency.
出处
《软件学报》
EI
CSCD
北大核心
2016年第6期1384-1401,共18页
Journal of Software
基金
国家自然科学基金(61402464)
国家高技术研究发展计划(863)(2015AA016005)~~
关键词
虚拟机自省
语义鸿沟
软件结构知识
硬件架构知识
安全应用
virtual machine introspection
semantic gap
knowledge of software structure
knowledge of hardware architecture
security application
