作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2009, Vol. 35 ›› Issue (22): 47-49. doi: 10.3969/j.issn.1000-3428.2009.22.016

• 软件技术与数据库 • 上一篇    下一篇

基于监控器时间开销的虚拟机发现方法

余 冲,王振兴,郭浩然,刘慧生   

  1. (解放军信息工程大学信息工程学院,郑州 450002)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-11-20 发布日期:2009-11-20

Virtual Machine Detection Method Based on Monitor Time-overhead

YU Chong, WANG Zhen-xing, GUO Hao-ran, LIU Hui-sheng   

  1. (School of Information Engineering, PLA Information Engineering University, Zhengzhou 450002)
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-11-20 Published:2009-11-20

摘要: 针对传统方法只能发现单一类型虚拟机的缺陷,提出基于虚拟机监控器时间开销的虚拟机发现方法。特定指令能使监控器运行时产生显著的额外开销,该方法能利用监控器执行不同指令序列产生的相对时间开销对虚拟机进行判别。实验结果表明,该方法能够准确发现目前3类主流虚拟机。

关键词: 网络安全, 虚拟机发现, 虚拟机监控器, 相对时间开销

Abstract: Aming at the shortcomings that conventional detection methods can only be practicable for a special Virtual Machine(VM), this paper presents, a VM detection method based on time-overhead of Virtual Machine Monitor(VMM). Executions of some special instructions produce remarkable additional Virtual Machine Monitor-overhead. It produces different time-overheads while VMM executes different instruction sequences. By making use of the relative time-overhead, the method implements VM detection. Experimental results show that OVD can detect three kinds of popular VMs accurately.

Key words: network security, Virtual Machine(VM) detection, Virtual Machine Monitor(VMM), relative time-overhead

中图分类号: