文献类型：期刊文献

英文题名：COW-IMM: A Novel Integrity Measurement Method Based on Copy-on-Write for File in Virtual Machine

作者：Li, Shupan[1,2,3];Xiao, Limin[1,2];Qin, Guangjun[4];Ruan, Li[1,2];Su, Shubin[1,2]

第一作者：Li, Shupan

通讯作者：Xiao, LM[1];Xiao, LM[2]

机构：[1]Beihang Univ, State Key Lab Software Dev Environm, Beijing 100191, Peoples R China;[2]Beihang Univ, Sch Comp Sci & Engn, Beijing 100191, Peoples R China;[3]Nanyang Normal Univ, Sch Comp & Informat Technol, Nanyang 473061, Peoples R China;[4]Beijing Union Univ, Coll Intellectualized City, Beijing 100101, Peoples R China

第一机构：Beihang Univ, State Key Lab Software Dev Environm, Beijing 100191, Peoples R China

通讯机构：[1]corresponding author), Beihang Univ, State Key Lab Software Dev Environm, Beijing 100191, Peoples R China;[2]corresponding author), Beihang Univ, Sch Comp Sci & Engn, Beijing 100191, Peoples R China.

年份：2018

卷号：6

起止页码：51776-51790

外文期刊名：IEEE ACCESS

收录：;EI(收录号：20183405731951);Scopus(收录号：2-s2.0-85051780969);WOS:【SCI-EXPANDED(收录号:WOS:000447037700001)】；

基金：This work was supported in part by the National Key Research and Development Program of China under Grant 2017YFB1010000, in part by the National Natural Science Foundation of China under Grant 61772053 and Grant 61370059, and in part by the Science Challenge Project under Grant TZ2017002.

语种：英文

外文关键词：Integrity measurement method; copy-on-write; virtual machine; base image; increment image; security

摘要：The integrity measurement method is used to detect whether the files are tampered with and to build a trusted environment. It can improve the security of virtual machines using base and increment image. Currently, the traditional integrity measurement methods (MDA-IMM) are based on the message digest algorithm with high computational complexity and heavy data. As a result, the MDA-IMM consumes a lot of I/O resources and spends too much time. To address those issues, we propose a novel method (COW-IMM) based on copy-on-write for the files in base image, the precondition is that, there is one-to-one correspondence between the cluster of image and the logic block of file system, and both of them have the same size. The COW-IMM gets the information of files for integrity measurement from base image and measures the integrity of files in increment image. We implement a prototype based on KVM, Qcow2 image, and Ext4. The algorithm analysis shows that, the volume of data used by COW-IMM is 512 times smaller than that used by MDA-IMM at least, if the file size is the same. The experimental evaluations show that, the speed of COW-IMM is faster and faster than that of MDA-IMM with the increment of file size. For example, when the file size is 0.1M, the speed of COW-IMM is about 10 times faster than that of MDA-IMM; when the file size is 90M, the speed of COW-IMM is about 592 times faster than that of MDA-IMM.