Agentless Cloud-Wide Streaming of Guest File System Updates

We propose a non-intrusive approach for monitoring virtual machines (VMs) in the cloud. At the core of this approach is a mechanism for selective real-time monitoring of guest file updates within VM instances. This mechanism is agentless, requiring no guest VM support. It has low virtual I/O overhead, low latency for emitting file updates, and a scalable design. Its central design principle is distributed streaming of file updates inferred from introspected disk sector writes. The mechanism, called DS-VMI, enables many system administration tasks that involve monitoring files to be performed outside VMs.
