THE SECURE MIGRATION OF A VIRTUAL MACHINE INTROSPECTION INTRUSION DETECTION SYSTEM

摘要

This paper presents a method to perform a live migration ofrna virtual machine introspection (VMI) intrusion detectionrnsystem (IDS) from one physical node to another with itsrnassociated virtual machine (VM). This is extremely importantrnas more attention is given to VMI IDSes in the areas ofrnboth Enterprise and Cloud Computing environments wherernlive migration is utilized for load balancing and fault tolerance.rnCurrent VMI IDS systems neglect the live migrationrncapabilities of VMs restricting the monitored VM tornthat specific node. Our work is to investigate the potentialrnmethodologies to perform this task such that VMI IDSesrnbecome feasible within practical computing environments.rnWe have designed a methodology to accomplish this goalrnand extended the VMI IDS known as the virtual systemlevelrnlightweight integrity monitor (vSLIM) in order to validaternour work. We have evaluated this design using manin-rnthe-middle attacks which modify the VM during transitrnin order to verify the correctness of our design and foundrnless than 3% overhead when compared to the cost of migratingrna VM without a VMI IDS. Likewise, the cost ofrnthis migration provides little impact on the performance ofrnco-located VMs.