Secure and Flexible Monitoring of Virtual Machines

Bryan Payne
Georgia Institute of Technology
USA

Martim Carbone
Georgia Institute of Technology
USA

Wenke Lee
Georgia Institute of Technology
USA

The monitoring of virtual machines has many applications in areas such as security and systems management. A monitoring technique known as introspection has received significant discussion in the research literature, but these prior works have focused on the applications of introspection rather than how to properly build a monitoring architecture. In this paper we propose a set of requirements that should guide the development of virtual machine monitoring solutions. To illustrate the viability of these requirements, we describe the design of XenAccess, a monitoring library for operating systems running on Xen. XenAccess incorporates virtual memory introspection and virtual disk monitoring capabilities, allowing monitor applications to safely and efficiently access the memory state and disk activity of a target operating system. XenAccess' efficiency and functionality are illustrated through a series of performance tests and practical examples.

Keywords: virtual machine monitor, monitoring architecture, introspection, disk-based monitoring

Read Paper Read Paper (in PDF)