• Àüü
  • ÀüÀÚ/Àü±â
  • Åë½Å
  • ÄÄÇ»ÅÍ
·Î±×ÀΠȸ¿ø°¡ÀÔ About Us ÀÌ¿ë¾È³»
»çÀÌÆ®¸Ê
´Ý±â

»çÀÌÆ®¸Ê

Loading..

Please wait....

±¹³» ³í¹®Áö

Ȩ Ȩ > ¿¬±¸¹®Çå > ±¹³» ³í¹®Áö > Çѱ¹Á¤º¸Ã³¸®ÇÐȸ ³í¹®Áö > Á¤º¸Ã³¸®ÇÐȸ ³í¹®Áö C

Á¤º¸Ã³¸®ÇÐȸ ³í¹®Áö C

Current Result Document :

ÇѱÛÁ¦¸ñ(Korean Title) Ä¿³Î ±â¹Ý °¡»ó¸Ó½ÅÀ» ÀÌ¿ëÇÑ ½Ã½ºÅÛ ¹«°á¼º ¸ð´ÏÅ͸µ ½Ã½ºÅÛ
¿µ¹®Á¦¸ñ(English Title) System Integrity Monitoring System using Kernel-based Virtual Machine
ÀúÀÚ(Author) ³²Çö¿ì   ¹Ú´É¼ö   Hyunwoo Nam   Neungsoo Park  
¿ø¹®¼ö·Ïó(Citation) VOL 18-C NO. 03 PP. 0157 ~ 0166 (2011. 06)
Çѱ۳»¿ë
(Korean Abstract)		 °¡»óÈ­ °èÃþÀº Ä¿³Î º¸´Ù ³ôÀº ±ÇÇÑ °èÃþ¿¡¼­ ¼öÇàµÇ¾î ¿î¿µÃ¼Á¦°¡ »ç¿ëÇÏ°í ÀÖ´Â ÀÚ¿ø Á¤º¸¸¦ ¸ð´ÏÅ͸µ Çϴµ¥ ÀûÇÕÇÏ´Ù. ÇÏÁö¸¸ ±âÁ¸ °¡»óÈ­ ±â¹Ý ¸ð´ÏÅ͸µ ½Ã½ºÅÛÀº CPU³ª ¸Þ¸ð¸® »ç¿ë·ü°ú °°Àº ±âÃÊÀûÀÎ Á¤º¸¸¸À» Á¦°øÇÏ°í ÀÖ´Ù. º» ³í¹®¿¡¼­ ¸Þ¸ð¸®, ·¹Áö½ºÅÍ GDT, IDT ±×¸®°í ½Ã½ºÅÛ ÄÝ°ú °°Àº µ¿ÀûÀÎ ½Ã½ºÅÛ Ä¿³Î °´Ã¼¸¦ ¸ð´ÏÅ͸µÇϱâ À§ÇÏ¿© Àü°¡»óÈ­ ¹æ½ÄÀÇ ¸ð´ÏÅ͸µ ½Ã½ºÅÛÀ» Á¦¾ÈÇÑ´Ù. ¸ð´ÏÅ͸µ ½Ã½ºÅÛÀ» °ËÁõÇϱâ À§ÇØ Ä¿³ÎÀÇ ¼öÁ¤ ¾øÀÌ ¹Ù·Î ¸®´ª½º Ä¿³Î¿¡ Àû¿ëµÈ Àü°¡»óÈ­ ¹æ½ÄÀÇ KVMÀ» ±â¹ÝÀ¸·Î ½Ã½ºÅÛÀ» ±¸ÇöÇÏ¿´´Ù. ±¸ÇöµÈ ½Ã½ºÅÛÀº KVM ³»ºÎ °´Ã¼¿¡ Á¢±ÙÇϱâ À§ÇÑ KvmAccess ¸ðµâ, ±×¸®°í °¡»ó¸Ó½Å ¸ð´ÏÅ͸µ °á°ú¸¦ ¿ÜºÎ ¸ðµâ¿¡¼­µµ »ç¿ëÇÒ ¼ö ÀÖµµ·Ï API¸¦ Á¦°øÇÏ¿´´Ù. ±¸ÇöµÈ ¸ð´ÏÅ͸µ ½Ã½ºÅÛÀÇ ¼º´ÉÀ» ÃøÁ¤ÇÑ °á°ú 1ÃÊ ÁÖ±â·Î ½Ã½ºÅÛÀ» ¸ð´ÏÅ͸µÀ» ÇÏ´õ¶óµµ 0.37% Á¤µµÀÇ CPU Á¡À¯À²À» Â÷ÁöÇÏ¿© ±× ¼º´É ºÎÇÏ°¡ ¾ÆÁÖ ÀÛ¾Ò´Ù.
¿µ¹®³»¿ë
(English Abstract)		 The virtualization layer is executed in higher authority layer than kernel layer and suitable for monitoring operating systems. However, existing virtualization monitoring systems provide simple information about the usage rate of CPU or memory. In this paper, the monitoring system using full virtualization technique is proposed, which can monitor virtual machine's dynamic kernel object as memory, register, GDT, IDT and system call table. To verify the monitoring system, the proposed system was implemented based on KVM(Kernel-based Virtual Machine) with full virtualization that is directly applied to linux kernel without any modification. The proposed system consists of KvmAccess module to access KVM's internal object and API to provide other external modules with monitoring result. In experiments, the CPU utilization for monitoring operations in the proposed monitering system is 0.35% when the system is monitored with 1-second period. The proposed monitoring system has a little performance degradation.
Å°¿öµå(Keyword) Àü°¡»óÈ­   ¸ð´ÏÅ͸µ ½Ã½ºÅÛ   º¸¾È   KVM   ¸®´ª½º Ä¿³Î   Full Virtualization   Monitoring System   Security   Linux Kernel  
ÆÄÀÏ÷ºÎ PDF ´Ù¿î·Îµå

¸ñ·Ï