Conference record number:
3340
Article title:
A novel file integrity monitoring method via introspection virtual machine
Authors:
Keshavarzi Masoudeh, Department of Computer, Payame Noor University, Tehran, Iran; Heidarinezhad Mohammad Reza, Department of Computer, Payame Noor University, Tehran, Iran
Keywords:
Virtual machine introspection, file integrity, semantic gap, context switching
Conference title:
Seventh International Conference on E-Commerce in Developing Countries with a Focus on National Security
English abstract:
Nowadays, critical systems are being virtualized in the name of, amongst other things,
cost savings. The file system is a usual target of malicious attacks because it
contains a lot of sensitive data, such as executable programs, configuration and
authorization information. If unintended changes happen to such a file, they may affect
the security of the related computer system. File integrity monitoring is an effective approach
to discovering aggressive behavior by detecting modification actions on these sensitive files.
Organizations are gaining confidence in virtualization. Virtual machine
introspection describes the method of monitoring and analyzing the state of a virtual
machine from the hypervisor level. Designing security applications on top of
virtualization brings benefits over traditional computing infrastructures and practices.
The semantic gap and the cost of context switches between the trusted monitor and the virtual
machine being monitored are challenges for security applications based on virtualization. In
this paper, we present a model for designing a real-time file integrity monitoring application in
a virtual machine-based computing environment, which tries to bridge the semantic gap
and reduce context switching. By comparison with existing methods, we infer that this is a suitable
model for designing file integrity monitoring applications based on virtualization, and that it is
feasible for many other security systems based on virtualization.