Towards a Resilient Server with an external VMI in the Virtualization Environment
Abstract
Currently, cloud computing technology is implemented by many industries around the world. This technology is very promising because many companies only need to provide relatively small capital for their IT infrastructure. Virtualization is the core of cloud computing technology. Virtualization allows one physical machine to run multiple operating systems. As a result, companies do not need a lot of physical infrastructure (servers). However, virtualization cannot guarantee that system failures in the guest operating system are avoided. In this paper, we discuss the monitoring of hangs in the guest operating system in a virtualized environment without installing a monitoring agent in the guest operating system. There are a number of forensic applications that are useful for analyzing memory, CPU, and I/O, and one of them is LibVMI. Drakvuf, a black-box binary analysis system, utilizes LibVMI to secure the guest OS. We use the LibVMI library through Drakvuf plugins to monitor processes running on the guest operating system. Therefore, we create a new Drakvuf plugin to detect hangs on the guest operating system running on the Xen Hypervisor. The experiment reveals that our application is able to monitor the guest operating system in real time. However, Extended Page Table (EPT) violations occur during the monitoring process. Consequently, we need to activate the altp2m feature on the Xen Hypervisor to minimize EPT violations.
Copyright (c) 2020 EMITTER International Journal of Engineering Technology
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.