Qing Yang,Yixin Jiang,Aidong Xu,Hong Wen,Feng Wang,LiuFei Chen,Kai Ouyang,Xiping Zhu

DOI: https://doi.org/10.1109/cns.2017.8228663

2017-01-01

Abstract:With the progress of the network and technology, the perfect combination of mobile intelligent terminal and internet, people are increasingly dependent on intelligent terminals. So, it was very necessary of a model for assessing the security performance of mobile intelligent terminals, especially to establish the objective model of the security performance of mobile intelligent terminal. In this paper, we propose a model that classification intelligent terminal security risk based on SVM algorithm, and it can achieve the classification of mobile intelligent terminal security level objectivity and accurately. Such that users have an intuitive understanding for the intelligent mobile terminal security, by which the security needs can be met.

Jianhua Che,Qinming He,Kejiang Ye,Dawei Huang

DOI: https://doi.org/10.1007/978-3-642-11842-5_11

2010-01-01

Abstract:As one of pivotal components, the efficiency of virtual machine monitor(VMM) will largely impact the performance of a virtualization system. Therefore, evaluating the performance of VMMs adopting different virtualization technologies becomes more and more important. This paper selects three typical open source VMMs(i.e. OpenVZ, Xen and KVM) as the delegates of operating system-level virtualization, para-virtualization and full-virtualization to evaluate their performance with a combinative method that measures their macro-performance and micro-performance as a black box and analyzes their performance characteristic as a white box. By correlating the analysis results of two-granularity performance data, some potential performance bottlenecks come out.

Xiaoguang Wang,Yong Qi,Zhi Wang,Yue Chen,Yajin Zhou

DOI: https://doi.org/10.1109/tdsc.2017.2675991

2019-01-01

Abstract:The OS kernel is critical to the security of a computer system. Many systems have been proposed to improve its security. A fundamental weakness of those systems is that page tables, the data structures that control the memory protection, are not isolated from the vulnerable kernel, and thus subject to tampering. To address that, researchers have relied on virtualization for reliable kernel memory protection. Unfortunately, such memory protection requires to monitor every update to the guest's page tables. This fundamentally conflicts with the recent advances in the hardware virtualization support. In this paper, we propose SecPod, an extensible framework for virtualization-based security systems that can provide both strong isolation and the compatibility with modern hardware. SecPod has two key techniques: paging delegation delegates and audits the kernel's paging operations to a secure space; execution trapping intercepts the (compromised) kernel's attempts to subvert SecPod by misusing privileged instructions. We have implemented a prototype of SecPod based on KVM. Our experiments show that SecPod is both effective and efficient.

Siqin Zhao,Kang Chen,Weimin Zheng

DOI: https://doi.org/10.1109/ChinaGrid.2009.45

2009-01-01

Abstract:It is very important to protect critical resources such as private data and code in computer systems. It is promising to protect private data and to improve the system security by leveraging the isolation attribute of virtual machine(VM). The isolation attribute of VM is provided by Virtual Machine Monitor (VMM) that runs in higher priority than guest OSes. If the critical components are isolated in VMs,access control can be enforced or attestation can be made when the subject is accessing via VMs. In this way, VMs can improve the security level of critical components such as OS, kernel, data, and applications. For computer system security, VMs can be used to detect malware intrusions and to protect critical components, which can be implemented by integrating detection or protection mechanism in either VMM or VMs. Authentication is required to create trustful VMs. This paper surveys technologies related of using virtual machines to enhance system security.

Jianhua Che,Qinming He,Qinghua Gao,Dawei Huang

DOI: https://doi.org/10.1109/euc.2008.127

2008-01-01

Abstract:With its growth and wide applications, virtualization has come through a revival in computer system community. Virtualization offers a lot of benefits including flexibility, security, ease to configuration and management, reduction of cost and so forth, but at the same time it also brings a certain degree of performance overhead. Furthermore, virtual machine monitor (VMM) is the core component of virtual machine (VM) system and its effectiveness greatly impacts the performance of whole system. In this paper, we measure and analyze the performance of two open source virtual machine monitors-Xen and KVM using LINPACK, LMbench and IOzone, and provide a quantitative and qualitative comparison of both virtual machine monitors.

Qingkai Zeng

2013-01-01

Abstract:In order to improve the security of operate systems and applications,the system virtualization technology is studied;the typical security applications and research are discussed.According to the software level of existing researches,the current research progress and future trends from three aspects: security improvement of applications,operating system and virtual machine monitor are analyzed and summarized.An analysis and debug method for malware based on system virtualization be designed,the feasibility and effectiveness of the method are verified by implementing prototype system on the Intel-VT platform.

Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/cnmt.2009.5374540

2009-01-01

Abstract:In the distributed environment, one important security issue is how to apply further security control to the object that is released to other terminals. The appearance of trusted computing technology has provided an effective solution for this issue in the distributed environment. At the same time, through combining trusted computing technology with the strong isolation and sharing characteristic provided by virtual machine technology has further increased the security and the flexibility of distributed access control. Therefore, this paper uses trusted computing technology to improve the security of the terminal in carrying out the distributed access control, designs a trusted terminal architecture that bases on the trusted computing technology and the virtual machine technology as well as a enhanced mode that suits in distributed access control, and on this basis, analyzes the security of system design.

Xian Chen,Wenzhi Chen,Peng Long,Zhongyong Lu,Zonghui Wang

DOI: https://doi.org/10.1109/cbd.2013.32

2013-01-01

Abstract:For the ability to explore the memory's fullest potential, memory de-duplication has been widely experimented with in current main stream virtualization platforms. A lot of work has been done to improve the efficiency of memory de-duplication, while too little attention was paid to the introduced security issues which have been proved by prior work. To deal with this security risk and efficiently manage the memory we start our work in this paper. We first conduct extensive experiments on different OS platforms to study the realistic situation of page sharing. By analyzing the results we find: 1) Page sharing is contributed mostly by self-sharing (nearly 90%), and the self-sharing rate varies significantly between Linux and Windows OS platforms. Compared with self-sharing the inter-VM sharing rate is extremely low, under 1% in most cases. 2) Page size has a larger influence on Linux platform than Windows platform, so sub-page de-duplication proposed in prior work may achieve better performance on Linux platform. On the basis of above findings we propose a group-based secure page sharing model (or GSKSM), in which we consider both VM processes and normal processes. We have successfully implemented it in Linux kernel 3.6.6, and the experiment results show it works well with negligible overhead. Finally based on GSKSM we further present an efficient memory management approach (or SEMMA), which combines GSKSM and balloon technique to efficiently manage the memory, and the preliminary experiment result is satisfactory.

ZHANG Yongkang,Wang Wenhai,Sun Youxian

DOI: https://doi.org/10.3969/j.issn.1002-0411.1998.03.010

1998-01-01

Information and Control

Abstract:Through the computer models and simulation technology, the imitation of manufacturing and information processes is realized within the VM system. It's already widely used in the dispersed system. On the basis of the concept of process control the DCS and VM, an environment of industrial control computer system including modelcreating、control、optimization and simulation was setup. Lots of dynamic mathematic models、static mathematic models and control algorithms were put into the environment, and the simulation system for pulp paper mill was established. The results obtained both from system simulation and practical computer control were satisfactory.

Siqin Zhao,Kang Chen,Weimin Zheng

DOI: https://doi.org/10.1109/gcc.2009.14

2009-01-01

Abstract:When a denial-of-service happens, the malicious programs often occupies too much computing resources. A defending schema proposed in this paper can use virtual machine monitor to detect such attack by adapting threshold of available resources. If the defending system assures existence of attack, it will live duplicates the operating system together with the tagged applications to reserved isolated environment. The isolated environment is another virtual machine that is similar to the original one. At the meantime, execution of the operating system and tagged application keeps continuously both in new environment and original one. Through this way, the defending system can protect the running of the operating system and tagged applications from denial-of-service attack.

陈文智,姚远,杨建华,何钦铭

DOI: https://doi.org/10.3724/sp.j.1016.2009.01311

2009-01-01

Chinese Journal of Computers

Abstract:With the rapidly development of personal computer hardware,to construct multiple isolated computing domains through virtualization technology has already become a future direction of PC. To avoid the difficulties caused by implementing VMM on traditional IA-32 architecture through software virtualization technology,the authors designed and implemented a VMM based on Intel VT-x technology — Pcanel/V2. Pcanel/V2 utilizes the latest hardware virtualization technology to configure a controllable virtual execution environment and run multiple operating systems directly without any modification of source code. While the accesses to hardware resources by the guest operating system are monitored,various sensitive situations which occur in the guest operating system can also be handled correspondingly by Pcanel/V2. Concurrent execution of Linux and VxWorks on Pcanel/V2 has been realized and corresponding evaluation results show that Pcanel/V2 architecture simplifies the complexity of the design process while increasing the overall performance by approximately 10% compared to software virtual technology.

Pengfei Sun,Qingni Shen,Liang Gu,Yangwei Li

DOI: https://doi.org/10.1109/anthology.2013.6784967

2013-01-01

Abstract:Virtualization technologies enable multi-tenancy cloud business models by providing a scalable, shared resource platform for all tenants. Computing capacity, storage, and network are shared between multi-tenants. However, placing different customers' workloads on the same virtualization platform may lead to security vulnerabilities, which include the failure of mechanisms separating storage, memory, routing, and even reputation between different tenants of the shared infrastructure. The co-location of many customers inevitably causes conflict for the cloud provider as customers' communication security requirements are likely to be divergent from each other. In this paper, we introduce Multi-lateral Security concept to multi-tenancy cloud platform. It is difficult to analyze policies defined by consumers in the same virtualization platform in order to guarantee configuration stability given that policies may have conflicts leading to unpredictable effects. We present the Multilateral Security Architecture for Virtualization platform (VPMS) which enables the multilateral security for consumers.

Amjad Rehman,Sultan Alqahtani,Ayman Altameem,Tanzila Saba

DOI: https://doi.org/10.1007/s13042-013-0166-4

2013-04-09

International Journal of Machine Learning and Cybernetics

Abstract:Currently Virtual Machines (VMs) have many applications and their use is growing constantly as the hardware gets more powerful and usage more regulated allowing for scaling, monitoring, portability, security applications and many other uses. There are many types of virtualization techniques that can be employed on many levels from simple sandbox to full fledged streamlined managed access. While scaling, software lifecycles and diversity are just some of security challenges faced by VM developers the failure to properly implement those mechanisms may lead to VM escape, host access, denial of service and more. There are many exploits found in the last couple of years which were fixed on latest versions but some systems are still running them and vulnerable as presented, mostly to host based attacks and some have dramatic consequences.

Rui Li,Jiawei Ye,Dongjie He,Hua Cai

DOI: https://doi.org/10.3969/j.issn.1000-386x.2014.05.078

2014-01-01

Abstract:Virtualisation technology allows multiple virtual machines to run simultaneously on a single physical machine,which improves the resource utilisation,and becomes the basis of cloud computing technology to develop.However,the virtualisation technology has also brought a number of new security issues,and due to the characteristics of virtualisation its own,traditional security means are not sufficient to solve these issues.In this paper,we focus on the analysis of virtual network security features,and explore the use of Open vSwitch to imple-ment virtual network access control.

Jianhai Chen,Dawei Huang,Bei Wang,Deshi Ye,Qinming He,Wenzhi Chen

DOI: https://doi.org/10.1007/978-3-642-32627-1_13

2012-01-01

Abstract:Virtualization technology has been widely applied across a broad range of contemporary datacenters. While constructing a datacenter, architects have to choose a Virtualization Application Solution (VAS) to maximize performance as well as minimize cost. However, the performance of a VAS involves a great number of metric concerns, such as virtualization overhead, isolation, manageability, consolidation, and so on. Further, datacenter architects have their own preference of metrics correlate with datacenters' specific application scenarios. Nevertheless, previous research on virtualization performance either focus on a single performance concern or test several metrics respectively, rather than gives a holistic evaluation, which leads to the difficulties in VAS decision-making. In this paper, we propose a fine-grained performance-based decision model termed as VirtDM to aid architects to determine the best VAS for them via quantifying the overall performance of VAS according to datacenter architects' own preference. First, our model defines a measurable, in-depth, fine-grained, human friendly metric system with organized hierarchy to achieve accurate and precise quantitative results. Second, the model harnesses a number of classic Multiple Criteria Decision-Making (MCDM) methods, such as the Analytical Hierarchical Process (AHP), to relieve people's effort of deciding the weight of different metrics base on their own preference accordingly. Our case study addresses an decision process based on three real VAS candidates as an empirical example exploiting VirtDM and demonstrates the effectiveness of our VirtDM model.

Xiaolin Wang,Yan Sang,Yi Liu,Yingwei Luo

DOI: https://doi.org/10.1007/978-94-007-2105-0_31

2011-01-01

Abstract:With the development of virtualization technology, some security problems have appeared. Researchers begin to suspect the security of virtualized environment and consider how to evaluate the security degree of virtualized environment. But there are not uniform virtualized environment security evaluation criteria at present. In this paper, we analyze the security problem in virtualized environment and present our virtualized environment security evaluation criteria. We take a further research on support technology and authentication method. First, we introduce the background of the problem. Next, we summarize the related work. After that we present our virtualized environment security evaluation criteria and introduce our work on support technology and authentication method. For support technology, we propose some safety guarantee technology for each security level. For authentication method, we give some ideas for the evaluation of each security level.

Seyed Hossein Ahmadpanah

DOI: https://doi.org/10.48550/arXiv.1611.08889

2016-11-28

Abstract:In the cloud computing environment, cloud virtual machine (VM) will be more and more the number of virtual machine security and management faced giant Challenge. In order to address security issues cloud computing virtualization environment, this paper presents a virtual machine based on efficient and dynamic deployment VM security management model state migration and scheduling, study of which virtual machine security architecture, based on AHP (Analytic Hierarchy Process) virtual machine deployment and scheduling method, based on CUSUM (Cumulative Sum) DDoS attack detection algorithm, and the above-described method for functional testing and validation.

Networking and Internet Architecture,Distributed, Parallel, and Cluster Computing

HaoGang Chen,XiaoLin Wang,ZhenLin Wang,BinBin Zhang,YingWei Luo,XiaoMing Li

DOI: https://doi.org/10.1007/s11432-010-3113-y

2010-01-01

Science China Information Sciences

Abstract:Memory virtualization is an important part in the design of virtual machine monitors (VMM). In this paper, we proposed dynamic memory mapping (DMM)model, a mechanism that allows the VMM to change the mapping between a virtual machine’s physical memory and the underlying hardware resource while the virtual machine is running. By utilizing DMM, the VMM can implement many novel memory management policies, such as Demand Paging, Swapping, Ballooning, Memory Sharing and Copy-On-Write, while preserving compatibility with various architectures. The modular and hierarchical property of the DMM model efficiently incorporates the high-level policies and the low-level implementations, leading to a feature-adjustable VMM design. We presented the principle of the DMM model, and explained the procedures of various memory management policies under this model. Also, we implement the DMM model in KVM, an open source VMM. Our evaluation shows that the DMM model is efficient enough to provide the benefits of dynamic memory resource management with little performance impact.

Seehwan Yoo,Yunxin Liu,Cheol-Ho Hong,Chuck Yoo,Yongguang Zhang

DOI: https://doi.org/10.1145/1622103.1622109

2008-01-01

Abstract:Mobile phones have evolved into complex systems as they have more and more new applications built-in. As a result, they are less reliable and less secure than before. Virtual Machine Monitors (VMM) or hypervisors have been introduced to help the reliability and security of mobile phones but the existing research does not completely address three issues critical to mobile phones: real-time support, resource limitation, and power efficiency. In this paper we propose building a new VMM called MobiVMM for mobile phones to deal with these issues. MobiVMM enables real-time support using priority based scheduling and a pseudo-polling mechanism. Resource and power efficiency is achieved through light-weight design and implementation, highly customized guest operating systems, and a virtual hardware abstraction layer. We present our design considerations and report some preliminary experimental results based on the OMAP 2430 development platform.

YANG Feng,JIANG Hui,ZHUGE Jian-wei,DUAN Hai-xin

DOI: https://doi.org/10.3969/j.issn.1000-1220.2012.08.040

2012-01-01

Abstract:Due to the advantages of resources utilization,management and isolation,Virtualization Technology has been widely used in the areas of virtual server,malware analysis and cloud computing platform.The malicious code writers and security researchers start a new game in Virtualization Technology,and how to detect the presence of virtual environments becomes a hot research topic.This paper,introduces the significance of Virtual Machine Environment(VME) Detection Methods,uses examples to describe the principles and methods of local and remote VME detection,makes a summary of VME Detection Methods,indicates the direction of Virtualization transparency,analyses and discusses the future trend.