Abstract

More and more enterprises are migrating services and data into virtual machines (VMs) that use base and increment images, and the files in a VM may contain critical data. It is therefore necessary to build a trusted environment that enhances the security of the files in the VM by means of integrity measurement methods (IMMs). To simplify the management of files under integrity measurement, the security manager places these files into one region and then measures the integrity of that region. If the region is intact, the files in it are intact too. The traditional IMMs are all based on message digest algorithms, which process a large amount of data, take a long time, and degrade the performance of VMs. To address those problems, we propose a novel IMM for the region based on copy-on-write, called RIMM. The method puts the region into the base image, obtains the integrity information of the region from the base image using the structures of the image and the region, and periodically measures the integrity of the region in the increment image using the structure of the image and copy-on-write. It is transparent to the VM and can eliminate the semantic gap. The evaluation shows that RIMM can significantly reduce the amount of data and the time needed for integrity measurement. For example: (1) when the region size is 100 MB, the amount of data used by RIMM is about 400 times smaller than that used by IMMs based on MD5, and the time spent by RIMM is about 600 times less than that used by IMMs based on MD5; (2) when the region size is 9 GB, the amount of data used by RIMM is about 29000 times smaller than that used by IMMs based on MD5, and the time spent by RIMM is about 3864 times less than that used by IMMs based on MD5.
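
To illustrate the idea in the abstract, the following added example (not the paper's implementation) models an increment image as a toy cluster allocation table and compares a table-only region check with an MD5 check over the same region. The cluster size, entry size, class and function names, and the sample image are all assumptions constructed for illustration.

```python
import hashlib
CLUSTER = 64 * 1024  # assumed cluster size of the image format
ENTRY = 8            # assumed bytes per allocation-table entry

class Increment:  # toy copy-on-write increment layered over a read-only base
    def __init__(self, base):
        self.base, self.table = base, {}  # table: cluster index -> copied data

    def _chunks(self, offset, length):
        end = offset + length
        while offset < end:
            idx, off = divmod(offset, CLUSTER)
            n = min(CLUSTER - off, end - offset)
            yield idx, off, n
            offset += n

    def write(self, offset, data):
        pos = 0
        for idx, off, n in self._chunks(offset, len(data)):
            if idx not in self.table:  # first write copies the cluster from base
                self.table[idx] = bytearray(self.base[idx * CLUSTER:(idx + 1) * CLUSTER])
            self.table[idx][off:off + n] = data[pos:pos + n]
            pos += n

    def read(self, offset, length):
        out = bytearray()
        for idx, off, n in self._chunks(offset, length):
            cluster = self.table.get(idx, self.base[idx * CLUSTER:(idx + 1) * CLUSTER])
            out += cluster[off:off + n]
        return bytes(out)

def measure_cow(img, offset, length):  # intact iff no region cluster was copied
    clusters = range(offset // CLUSTER, (offset + length - 1) // CLUSTER + 1)
    return not any(c in img.table for c in clusters), len(clusters) * ENTRY

def measure_md5(img, offset, length, baseline):  # digest-based check for comparison
    data = img.read(offset, length)
    return hashlib.md5(data).hexdigest() == baseline, len(data)

def demo():
    base = bytes(range(256)) * (16 * CLUSTER // 256)  # constructed 1 MiB base image
    off, length = 4 * CLUSTER, 8 * CLUSTER            # constructed region: clusters 4..11
    baseline = hashlib.md5(base[off:off + length]).hexdigest()
    img, out = Increment(base), {}
    for label, (pos, data) in {"clean": (0, b"outside"), "tampered": (off + 100, b"tamper")}.items():
        img.write(pos, data)
        out[label] = (measure_cow(img, off, length), measure_md5(img, off, length, baseline))
    return out

if __name__ == "__main__": print(demo())
```

Each result pairs the verdict with the number of bytes the check had to examine. In this toy model the table check is conservative: a write that stores identical bytes still copies a cluster and is reported as a change.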
