Abstract

The virtual block device carries virtual machine (VM) and user data, and the file system is the ultimate target of many attackers. We propose a security device named virtual block device mapping to file (VBD-MF) that translates block-level operations into file-level ones by building a mapping from blocks to files. VBD-MF provides an out-of-VM way to monitor the file system without modifying the code of the virtual machine monitor (VMM) or the guest OS, and it also gives other security tools and methods a direct interface for operating on the file system. We implemented a prototype on Linux and KVM. The evaluation shows that VBD-MF has a better monitoring capability, at some cost in read and write performance. Compared with traditional host-based file system monitoring, VBD-MF has better concealment and safety properties.
