CloudController: a writable and heterogeneous-adaptive virtual machine introspection for cloud management
Version 2 2024-06-06, 12:07
Version 1 2017-09-07, 00:00
conference contribution
posted on 2024-06-06, 12:07 authored by W Qiang, G Xu, G Sun, T Zhu, H Jin
Virtual machine introspection (VMI) is a critical functionality for cloud management because of its capability for security monitoring. Recently, the concept of writable VMI was proposed to update the state of the guest OS from outside the VM, which suits automated cloud management because of its high degree of automation. However, the current solution for writable VMI lacks practicability because it has high overhead, fails to monitor disk data, and requires the guest OSes of the monitoring VM and the monitored VM to be identical. In this paper, we present CloudController, a writable and heterogeneous-adaptive VMI framework, in which the semantic gap is bridged by redirecting crucial system calls issued by introspection processes into the monitored VM. CloudController can be directly applied to automated cloud management due to its writability and heterogeneous-adaptivity (simultaneously monitoring multiple VMs with heterogeneous guest OSes). Besides, CloudController is secure enough to defend against a variety of attacks. To highlight the writability of CloudController, we have developed some applications based on it to automatically secure the guest OSes. We have systematically evaluated CloudController, and the experimental results show that it is effective and practical for the cloud and that its performance overhead is negligible compared to most existing VMI prototypes.
E Conference publication, E1 Full written paper - refereed
Copyright notice
2017, IEEE
Editor/Contributor(s)
[Unknown]
Pagination
177-184
Start date
2017-08-01
End date
2017-08-04
ISBN-13
9781509049059
Title of proceedings
Trustcom/BigDataSE/ICESS 2017 : Proceedings 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems