Title :
Efficient VM Introspection in KVM and Performance Comparison with Xen
Author :
Kourai, Kenichi ; Nakamura, Kentaro
Author_Institution :
Dept. of Creative Inf., Kyushu Inst. of Technol., Fukuoka, Japan
Abstract :
Intrusion detection system (IDS) offloading is useful for securely executing IDSes. It runs a target system in a virtual machine (VM) and enables IDSes to monitor the VM from the outside using VM introspection. Although VM introspection is well studied, its performance has not been reported in detail. The performance becomes important when users choose virtualization software, e.g., Xen and KVM. However, the performance comparison is difficult because there is no efficient implementation of VM introspection in KVM. In this paper, we first propose KVMonitor for efficient VM introspection in KVM. Using KVMonitor, we have ported Transcall for offloading legacy IDSes. For memory introspection, KVMonitor was 32 times faster than the existing LibVMI. Then we present performance comparison between Xen and KVM on VM introspection. The experimental results showed that checking the kernel memory with KVMonitor was 118 times faster than that in Xen. Even for legacy chkrootkit, the execution time with KVMonitor was 63% shorter than that in Xen.
Keywords :
security of data; virtual machines; virtualisation; IDS offloading; KVM software; KVMonitor; Transcall; VM introspection; Xen software; intrusion detection system; legacy chkrootkit; memory introspection; virtual machines; Kernel; Monitoring; Registers; Servers; Virtualization; IDS offloading; intrusion detection systems; security; virtual machine introspection; virtualization software;
Conference_Titel :
Dependable Computing (PRDC), 2014 IEEE 20th Pacific Rim International Symposium on
Conference_Location :
Singapore
Print_ISBN :
978-1-4799-6473-4
DOI :
10.1109/PRDC.2014.33
