###

计算机系统应用英文版:2019,28(3):73-79

View/Add Comment 过刊浏览高级检索 HTML

←前一篇 | 后一篇→

码上扫一扫！

下载全文

系统虚拟化环境下客户机系统调用信息捕获与分析

宁强^1,2, 崔超远¹, 李勇钢^1,2

(1.中国科学院合肥物质科学研究院智能机械研究所, 合肥 230031;2.中国科学技术大学, 合肥 230026)

Capture and Analysis of Guest System Calls' Information in System Virtualization Environment

NING Qiang^1,2, CUI Chao-Yuan¹, LI Yong-Gang^1,2

(1.Institute of Intelligent Machines, Hefei Institutes of Physical Science, Chinese Academy of Sciences, Hefei 230031, China;2.University of Science and Technology of China, Hefei 230026, China)

摘要

图/表

参考文献

相似文献

本文已被：浏览 1604次下载 2267次
Received:September 05, 2018 Revised:September 27, 2018

中文摘要: 针对当前方法无法对系统调用参数和返回值等信息进行捕获和分析的问题，在Nitro的基础上建立了一个实时监视客户机内系统调用的系统.该系统通过修改硬件规范和指令重写，实现对快速系统调用进入和退出指令的捕捉和分析.之后，结合VCPU的上下文信息和系统调用的语义模板解析各参数；捕获到系统调用退出指令后，则根据VCPU寄存器信息解析返回值.实验证明，与同类捕获系统调用的方法相比，该系统可以实时捕获客户机内的系统调用序列，解析得到完整的系统调用信息，包括系统调用名、系统调用号、参数和返回值.该系统还能区分不同进程产生的系统调用，并在宿主机中引入了不超过15%的性能开销.

中文关键词: 系统调用序列系统调用参数系统调用返回值 KVM 指令重写

Abstract:For the problem that current methods unable to capture and analyze the system call parameters and return values, a system for real-time monitoring of system calls in the guest was established based on Nitro. The system capture and analyze fast system call entry and exit instructions by modifying hardware specifications and rewriting instructions. After capturing the system call entry instruction, the parameters are parsed according to the context information of the VCPU and the semantic template of the system call; after the system call exit instruction is captured, the return value is parsed according to the VCPU register information. Compared with the similar capture system call method, experiments show that the system can capture the system call sequence in the guest in real time, and obtain complete system call information including system call name, system call number, parameters, and return value. The system can also distinguish between system calls generated by different processes and brings no more than 15% performance overhead to the host.

keywords: system call sequence system call parameters system call return value KVM instruction rewriting

文章编号： 中图分类号： 文献标志码：

基金项目:

引用文本：
宁强,崔超远,李勇钢.系统虚拟化环境下客户机系统调用信息捕获与分析.计算机系统应用,2019,28(3):73-79
NING Qiang,CUI Chao-Yuan,LI Yong-Gang.Capture and Analysis of Guest System Calls' Information in System Virtualization Environment.COMPUTER SYSTEMS APPLICATIONS,2019,28(3):73-79

Author Name	Affiliation	E-mail
NING Qiang	Institute of Intelligent Machines, Hefei Institutes of Physical Science, Chinese Academy of Sciences, Hefei 230031, China University of Science and Technology of China, Hefei 230026, China
CUI Chao-Yuan	Institute of Intelligent Machines, Hefei Institutes of Physical Science, Chinese Academy of Sciences, Hefei 230031, China	cycui@iim.ac.cn
LI Yong-Gang	Institute of Intelligent Machines, Hefei Institutes of Physical Science, Chinese Academy of Sciences, Hefei 230031, China University of Science and Technology of China, Hefei 230026, China

Author Name	Affiliation	E-mail
NING Qiang	Institute of Intelligent Machines, Hefei Institutes of Physical Science, Chinese Academy of Sciences, Hefei 230031, China University of Science and Technology of China, Hefei 230026, China
CUI Chao-Yuan	Institute of Intelligent Machines, Hefei Institutes of Physical Science, Chinese Academy of Sciences, Hefei 230031, China	cycui@iim.ac.cn
LI Yong-Gang	Institute of Intelligent Machines, Hefei Institutes of Physical Science, Chinese Academy of Sciences, Hefei 230031, China University of Science and Technology of China, Hefei 230026, China