
High-Performance Memory Snapshotting for Real-Time, Consistent, Hypervisor-Based Monitors

Bibliographic Details
Published in: IEEE transactions on dependable and secure computing 2020-05, Vol.17 (3), p.518-535
Main Authors: Klemperer, Peter F., Jeon, Hye Yoon, Payne, Bryan D., Hoe, James C.
Format: Article
Language: English
Description
Summary: This paper presents a concurrent-computing approach, high-performance memory snapshotting, to improving security-introspection of virtual machine guest memory. Efficient introspection improves security monitoring in existing hypervisor systems with real-time, consistent memory introspection capabilities. Efficient introspection has three requirements that each must be met to provide protection against evasive threats: native memory introspection performance, acceptable guest performance, and consistent introspection view of guest memory. Existing introspection systems have provided one or two of these properties but not all three at once. High-performance memory snapshots are evaluated as a solution for meeting all three efficient introspection requirements. In this work we describe how existing system performance can be improved with high-performance snapshotting, present an efficient introspection prototype that has been released as an element of the open-source LibVMI introspection library, evaluate the efficient introspection prototype on both applications and microbenchmarks, provide demonstrations of introspection application modules enabled by efficient introspection, and provide performance guidance for developing introspection applications utilizing efficient introspection.
ISSN: 1545-5971, 1941-0018
DOI: 10.1109/TDSC.2018.2805904