Towards a Resilient Server with an external VMI in the Virtualization Environment

  • Agus Priyo Utomo Politeknik Elektronika Negeri Surabaya
  • Idris Winarno
  • Iwan Syarif
Keywords: Virtualization, Virtual Machines Introspection, out-VMI, Hang Detection, Cloud Computing

Abstract

Currently, cloud computing technology is implemented by many industries in the world. This technology is very promising due to many companies only need to provide relatively smaller capital for their IT infrastructure. Virtualization is the core of cloud computing technology. Virtualization allows one physical machine to runs multiple operating systems. As a result, they do not need a lot of physical infrastructures (servers). However, the existence of virtualization could not guarantee that system failures in the guest operating system can be avoided. In this paper, we discuss the monitoring of hangs in the guest operating system in a virtualized environment without installing a monitoring agent in the guest operating system. There are a number of forensic applications that are useful for analyzing memory, CPU, and I/O, and one of it is called as LibVMI. Drakvuf, black-box binary analysis system, utilizes LibVMI to secure the guest OS. We use the LibVMI library through Drakvuf plugins to monitor processes running on the guest operating system. Therefore, we create a new plugin to Drakvuf to detect Hangs on the guest operating system running on the Xen Hypervisor. The experiment reveals that our application is able to monitor the guest operating system in real-time. However, Extended Page Table (EPT) violations occur during the monitoring process. Consequently, we need to activate the altp2m feature on Xen Hypervisor to by minimizing EPT violations.

Downloads

Download data is not yet available.

References

Cisco Systems, “Cisco Global Cloud Index: Forecast and Methodology, 2016–2021,” Cisco System. Inc, p. 46, 2018.

A. T. Mizrak, P. Saxena, VMware vCenter Server High Availability Performance and Best Practices. VMware Inc, 2016.

O. Nagesh, T. Kumar, and V. Venkateswararao, “A survey on security aspects of server virtualization in cloud computing,” Int. J. Electr. Comput. Eng., vol. 7, no. 3, pp. 1326–1336, 2017.

C. Pham, Z. Estrada, P. Cao, Z. Kalbarczyk, and R. K. Iyer, Reliability and security monitoring of virtual machines using hardware architectural invariants, Proceedings of the 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN, vol. 2014, pp. 13–24, 2014.

T. Y. Win, H. Tianfield, Q. Mair, T. Al Said, and O. F. Rana, Virtual machine introspection, ACM Int. Conf. Proceeding Ser., vol. 2014-Septe, pp. 405–410, 2014.

T. Garfinkel and M. Rosenblum, A Virtual Machine Introspection Based Architecture for Intrusion Detection, Proceedings of Network and Distributed Systems Security Symposium, vol. 1, pp. 253–285, 2003.

S. Zhao, X. Ding, W. Xu, and D. Gu, Seeing Through The Same Lens: Introspecting Guest Address Space At Native Speed, Proceedings of the 26th USENIX Security Symposium, pp. 799-813, 2017.

L. Jia, M. Zhu, and B. Tu, T-VMI: Trusted Virtual Machine Introspection in Cloud Environments, Proceeding of 17th IEEE/ACM Int. Symp. Clust. Cloud Grid Comput. CCGRID 2017, pp. 478–487, 2017. DOI: https://doi.org/10.1109/CCGRID.2017.48

VMware, Performance Evaluation of Intel EPT Hardware Assist, Management, vol. 136362, pp. 1–14, 2009.

I. Winarno, Y. Ishida, and T. Okamoto, A Performance Evaluation of Resilient Server with a Self-Repair Network Model, Mobile Networks and Applications, pp. 1095-1103, 2018.

T. K. Lengyel, S. Maresca, B. D. Payne, G. D. Webster, S. Vogl, and A. Kiayias, Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system, Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC 2014, pp. 386–395, 2014. DOI: https://doi.org/10.1145/2664243.2664252

A. P. Utomo, I. Winarno, I. Syarif, Detecting Hang on the Virtual Machine using LibVMI, 2019 International Electronics Symposium (IES), Surabaya, pp. 618–621, 2019. DOI: https://doi.org/10.1109/ELECSYM.2019.8901677

M. A. A. Kumara and C. D. Jaidhar, Execution time measurement of virtual machine volatile artifacts analyzers, Proceedings of the International Conference on Parallel and Distributed Systems - ICPADS, vol. 2016-January, pp. 314–319, 2016.

B. Teabe, V. Nitu, A. Tchana, and D. Hagimont, The lock holder and the lock waiter pre-emption problems: Nip them in the bud using informed spinlocks (I-Spinlock), Proceeding of 12th Eur. Conf. Comput. Syst. EuroSys 2017, pp. 286–297, 2017. DOI: https://doi.org/10.1145/3064176.3064180

Philip Carinhas, Linux Fundamentals - A Training Manual, Fortuitous Technologies Inc, 2001.

Intel Corporation, Intel® 64 and IA-32 Architectures Software Developer Manuals, vol 3C, 2016.

Y. Ishida, Self-Repair Networks - A Mechanism Design, Springer (Switzerland), volume 101, 2015.

M. Cohen, Scanning Memory with Yara, Digital Investigation, volume 20, 2017. DOI: https://doi.org/10.1016/j.diin.2017.02.005

S. Proskurin, T. Lengyel, M. Momeu, C. Eckert, and A. Zarras, Hiding in the shadows: Empowering arm for stealthy virtual machine introspection, Proceeding of ACM International Conference, pp. 407-417, 2018. DOI: https://doi.org/10.1145/3274694.3274698

N. Smyth, Xen Virtualization Essentials, Payload Media, Ed. 1, pp. 124-125, 2009.

I. Winarno, M. Sani, Automatic Backup System for Virtualization Environment, EMITTER International Journal of Engineering Technology, vol. 2, pp. 91-101, 2014. DOI: https://doi.org/10.24003/emitter.v2i1.20

Published
2020-06-02
How to Cite
Utomo, A. P., Winarno, I., & Syarif, I. (2020). Towards a Resilient Server with an external VMI in the Virtualization Environment. EMITTER International Journal of Engineering Technology, 8(1), 49-66. https://doi.org/10.24003/emitter.v8i1.468
Section
Articles