The Architectural Based Interception and Identification of System Call Instruction within VMM
- DOI
- 10.2991/ccis-13.2013.18
- Keywords
- Guest OS; VMM; Virtualization; System Call
- Abstract
To solve the problem that the VMM cannot monitor and control Guest OS system call instructions because they do not trap, this paper proposes making these instructions trap into the VMM by breaking their normal execution conditions so that they raise an exception. For the three different system call mechanisms in the x86 architecture, we make software-interrupt-based and sysenter-based system calls trap into the VMM by causing a GP exception, and syscall-based system calls trap into the VMM by causing a UD exception; we then identify them using the vcpu context information corresponding to the exception trap. The QEMU and KVM based prototype indicates that the VMM can successfully intercept and identify all three system call behaviors coming from the Guest OS, and that the performance overhead is within an acceptable range for normal applications. For example, in the unixbench shell test case, the performance overhead ratio ranges from 1.900 to 2.608.
- Copyright
- © 2013, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF
AU - Xiong Haiquan
AU - Liu Zhiyong
PY - 2013/11
DA - 2013/11
TI - The Architectural Based Interception and Identification of System Call Instruction within VMM
BT - Proceedings of the The 1st International Workshop on Cloud Computing and Information Security
PB - Atlantis Press
SP - 73
EP - 76
SN - 1951-6851
UR - https://doi.org/10.2991/ccis-13.2013.18
DO - 10.2991/ccis-13.2013.18
ID - Haiquan2013/11
ER -