V-Met IaaS VM 1 1 IaaS VM VM VM IDS IDS IDS IDS IDS VM V-Met V-Met VM IDS IDS VM VM IDS 1. IaaS VM VM IDS VM VM IDS IDS IDS [4] IDS VM IDS [8] [7] [15] [12] [13] IDS IDS IDS IDS 1 Kyushu Institute of Technology IDS [3] [6] VM V-Met V-Met [2] VM IDS IDS IDS VM VM V-Met Transcall [16] IDS V-Met Xen 4.4 VM VM VM IDS c 2012 Information Processing Society of Japan 1
1 IDS VM V-Met VM (EPT) EPT VM Exit VM VM VM VM VM IDS V-Met Transcall chkrootkit Tripwire IDS 2 IDS 3 V-Met 4 V-Met 5 V-Met 6 7 2. IDS IDS VM IDS [4] 1 VM IDS VM IDS IDS VM IDS IDS VM VM VM NIC 2.1 IDS IDS [8] [7] [15] [12] [13] VM VM IDS IDS IDS IDS IDS VM IDS 2.2 IDS Self-Service Cloud (SSC) [3] VM IDS RemoteTrans [6] IDS VM IDS IDS IDS
3. V-Met 3.1 IDS [2] IDS VM V-Met VM VM VM 2 V-Met V-Met VM IDS IDS VM VM IDS VM V-Met [8][7][15][12][13][3] TPM IDS VM V-Met IDS V-Met IDS VM V-Met VM VM [3] 6 8% CloudVisor[15] 2 V-Met VMCS Shadowing[5] VMCS VM Exit VM [9] 3.2 VM V-Met IDS VM VM VM VM VM V-Met 3 VM VM VM VM VM V-Met VM VM VM VM VM VM VM VM VM V-Met IDS
VM VM VM VM IDS VM ID VM V-Met VM VM VM IDS VM V-Met Transcall [16] IDS Transcall IDS Transcall Shadow IDS VM Shadow VM Shadow proc Shadow proc VM 4. VM VM Intel VT-x 4.1 VM VM V-Met 3 3 VM VM VM CPU CR3 3 VM 4 VM CR3 V-Met 4 CR3 VM CR3 VM Exit CR3 VM Exit VM Exit VM CPU VMCS VM CR3 VM IDS CR3 VM EPT VM VM EPT V-Met 5 VM CR3 VM Exit VM CPU VMCS EPT IDS EPT
8 5 EPT 6 VM 7 VM VM CloudVisor [15] CloudVisor VM VM VM EPT CloudVisor CloudVisor VM EPT EPT VM EPT VM EPT VM 4.2 VM VM IDS VM VM NIC vif NIC VM VM VM VM V-Met ebtables ulog ulog ebtables netlink ebtables V-Met IDS tap tap VM MAC ebtables NIC NIC MAC tap FF:FF:FF:FF:FF:FF 01:00:5E 33:33 tap VM VM OS netfront VM VM EPT VM V-Met VM VM tap 4.3 VM VM
NFS IDS VM IDS VM NFS VM NFS VM VM VM VM V-Met dm-thin VM VM 4.4 VM vmcall vmcall vmcall VM V-Met CR3 V-Met VM VM CR3 4.1 CR3 Transcall VM VM VM VM VM 5. V-Met IDS. Intel Xeon E3-1270v3 CPU 16GB DDR3 SDRAM 1600MHz 2TB SATA HDD. V-Met Xen 4.4 VM Linux 3.13.0. VM 2 CPU 3GB 40GB VM Xen 4.4 VM 1 CPU 1GB 8GB VM VM Linux 3.13.0. V-Met VM. NFS Intel Xeon X5675 CPU 32GB 3.75TB RAID5. 4.5 VM VM VM EPT EPT VM VM VM CR3 CR3 VM VM 4.6 Transcall IDS Transcall [16] V-Met Transcall VM CPU 5.1 V-Met VM V-Met VM VM VM VM VM VM VM VM 9 V-Met 1.3
11 NFS 9 12 10 VM V-Met V-Met 10 VM EPT VM VM 1.3µs VM CR3 0.96µs VM CR3 15µs CPU. iozone VM VM iozone 1GB NFS VM 11 V-Met NFS 13 Shadow proc VM VM 9% VM iozone 12 NFS V-Met 16% VM 5.2 Shadow proc Transcall Shadow proc Transcall VM OS Shadow proc 13 V-Met 11% V-Met 292 CR3 EPT 3,089 5.3 IDS V-Met VM IDS
14 chkrootkit NFS 16 Tripwire NFS 15 chkrootkit VM IDS VM VM IDS VM IDS IDS chkrootkit NFS VM 14 V-Met 3% VM VM 15 V-Met 6% VM FUSE Shadow proc VM IDS Tripwire NFS VM 16 V-Met 8.7% VM VM VM 17 V-Met 13% NFS Tripwire VM nmap VM 17 Tripwire 18 VM Snort 18 VM 0.36 ebtables V-Met VM tap NIC VM 1.06 VM VM 5.4 V-Met VM CR3 VM Exit CR3 VM Exit
23 CPU VM Snort 19 VM UnixBench 24 20 21 CPU chkrootkit CPU Tripwire VM 1% VM 28% 21% Snort iperf CPU 22 23 VM V-Met CPU 15 VM 4.5 V-Met VM VM VM Snort VM iperf 24 VM VM 3% VM 6% 6. 22 CPU VM Snort Xen 19 VM UnixBench Xen 1 VM Exit UnixBench 2% IDS CPU 20 21 chkrootkit Tripwire V-Met VM CPU Self-Service Cloud (SSC) [3] VM VM IDS VM IDS RemoteTrans [6] VM IDS
VM IDS VM Transcall IDS IDS IDS IDS HyperGuard [11] CPU SMM HyperCheck [14] SMM HyperSentry [1] SMM IPMI IDS SMM IDS SMM IDS Flicker [10] Intel TXT AMD SVM IDS SMM CloudVisor [15] VM VM VM VM VM 7. IDS V-Met V-Met VM VM VM V-Met IDS IDS Transcall V-Met IDS IDS VM MAC VM VM

[1] Azab, A. M., Ning, P., Wang, Z., Jiang, X., Zhang, X. and Skalsky, N. C.: HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity, Proceedings of Conference on Computer and Communications Security, pp. 38–49 (2010).
[2] Ben-Yehuda, M., Day, M. D., Dubitzky, Z., Factor, M., Har'El, N., Gordon, A., Liguori, A., Wasserman, O. and Yassour, B.-A.: The Turtles Project: Design and Implementation of Nested Virtualization, Proceedings of Symposium on Operating Systems Design and Implementation, pp. 423–436 (2010).
[3] Butt, S., Lagar-Cavilla, H. A., Srivastava, A. and Ganapathy, V.: Self-service Cloud Computing, Proceedings of Conference on Computer and Communications Security, pp. 253–264 (2012).
[4] Garfinkel, T. and Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection, Proceedings of Network and Distributed Systems Security Symposium, pp. 191–206 (2003).
[5] Intel Corp.: 4th Generation Intel Core vPro Processors with Intel VMCS Shadowing (2013).
[6] Kourai, K. and Juda, K.: Secure Offloading of Legacy IDSes Using Remote VM Introspection in Semi-trusted Clouds, Proceedings of the 9th IEEE International Conference on Cloud Computing, pp. 43–50 (2016).
[7] Li, C., Raghunathan, A. and Jha, N. K.: Secure Virtual Machine Execution under an Untrusted Management OS, Proceedings of International Conference on Cloud Computing, pp. 172–179 (2010).
[8] Li, C., Raghunathan, A. and Jha, N. K.: A Trusted Virtual Machine in an Untrusted Management Environment, IEEE Transactions on Services Computing, Vol. 5, No. 4, pp. 472–483 (2012).
[9] Lowell, D. E., Saito, Y. and Samberg, E. J.: Devirtualizable Virtual Machines Enabling General, Single-node, Online Maintenance, Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 211–223 (2004).
[10] McCune, J. M., Parno, B., Perrig, A., Reiter, M. K. and Isozaki, H.: Flicker: An Execution Infrastructure for TCB Minimization, Proceedings of European Conference on Computer Systems, pp. 315–328 (2008).
[11] Rutkowska, J., Wojtczuk, R. and Tereshkin, A.: HyperGuard, Xen 0wning Trilogy, Black Hat USA (2008).
[12] Santos, N., Gummadi, K. P. and Rodrigues, R.: Towards Trusted Cloud Computing, Proceedings of Workshop on Hot Topics in Cloud Computing (2009).
[13] Tadokoro, H., Kourai, K. and Chiba, S.: Preventing Information Leakage from Virtual Machines' Memory in IaaS Clouds, IPSJ Online Transactions, Vol. 5, pp. 156–166 (2012).
[14] Wang, J., Stavrou, A. and Ghosh, A.: HyperCheck: A Hardware-assisted Integrity Monitor, Proceedings of International Symposium on Recent Advances in Intrusion Detection, pp. 158–177 (2010).
[15] Zhang, F., Chen, J., Chen, H. and Zang, B.: CloudVisor: Retrofitting Protection of Virtual Machines in Multi-tenant Cloud with Nested Virtualization, Proceedings of Symposium on Operating Systems Principles, pp. 203–216 (2011).
[16] VM Shadow: IDS 119 OS (2011).