Virtual machine security monitoring method based on physical memory analysis

Abstract

In the cloud computing environment, the security of virtual machine system becomes increasingly important with virtual machines have been widely deployed. Virtual machine security monitoring method based on physical memory analysis is proposed allusion to security risk and criminal behavior in the current cloud computing, computer, and mobile information terminal. Cloud security monitoring forensics system is developed based on the monitoring method, which can get each virtual host “memory” in physical hosts without affecting the user experience and the running state of virtual machines. The forensic system can fast access to the critical information through memory analysis, such as process information, thread information, network information, registry information, opened file information, and can further in-depth analysis and mine the virtual machine hard disk information. It can achieve comprehensive monitoring, forensics evidence, analysis and processing, and efficiently obtain evidence of a crime in the cloud. The method has been verified on KVM and VMware Workstation and is proved to be effective and reliable. Finally, it gives the deficiencies of the research work and the next work.