Summary of measurement technology under the virtualization Architecture

Summary of measurement techniques in virtualization architecture http://hi.baidu.com/mars208/blog/item/de0c823ad29763f5838b13ee.html
Measurement is the most basic and core technology of trusted computing. Measure BIOS from TPM, to OS, and ApplicationProgramTo establish system trust is accomplished by measurement. There are many types of measurement methods. From the most classic IMA measurement architecture to the extended prima, the measurement of the operating system kernel module, kernel service, and process loading is realized. The Linux kernel data structure, the lkim Measurement Method of key variables, and some dynamic measurement methods and measurement programsCodeSegment, data segment, and so on, using cow (copy
On write) to achieve consistency measurement.
The preceding measurement methods are implemented in a single system. Therefore, how to measure the virtualization architecture of multiple systems has become a hot topic in Measurement research over the past two years. Some classic solutions are proposed, for example, Hima and vimm.
Next I will summarize the New Technology Research points of measurement technology under the virtualization architecture.
1. The measurement content and scope are greatly expanded.
Traditional measurement methods are used to measure program files, code images, kernel modules, kernel data variables, and program memory pages. In a hypervisor-based system, you can measure system calls, interruptions, exceptions, and other events. When these events occur, You can dynamically measure the latest status of the system. This is a real dynamic measurement; it can also measure the registers and stacks of the guest OS, and the meaning of the measurement is becoming richer and richer.
2. debugging and monitoring technologies are applied to measurements.
To monitor the guest OS, the hypervisor needs to check the registers, stacks, and stacks of the guest OS, including the event types (such as the system call number in the eax register ), the base page address of the current process (in the 33rd register), the variable parameters of the event (stored in the register and stack), the command pointer and the stack pointer of the running process. The hypervisor must be used to monitor system calls, interruptions, and abnormal events. The implementation method is to set an Invalid Address, resulting in protection
Fault falls into the hypervisor, And the hypervisor performs measurement again. In addition, you need to save the correct system call return address and use the debug register to save the address so that the correct return address of context can be set after the hypervisor checks.
3. NX flag space control measure method.
The hypervisor layer controls the NX flag of the page to verify the Running code of the guest OS. All new pages of guest OS are marked with NX. When Guest OS executes the Page code, page fault is triggered. hypervisor takes over the control and then verifies these pages, only after the verification is passed can the NX mark of these pages be canceled and the executable code can be executed.
4. other measurement research, such as the identification and protection of memory pages, and the re- ing measurement of memory pages.