
Title: Transparent IDS Offloading for Split-Memory Virtual Machines
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Yamato, K., Kourai, K., Saadawi, T.
Conference Name: 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)
Keywords: access VM remote memory, Big Data, composability, exchanges memory data, IDS, IDS offloading, Instruction sets, Intrusion Detection Systems, large-memory VM, maintenance engineering, Memory management, Monitoring, multiple hosts, offloaded IDS, pubcrawl, remote hosts, resilience, Resiliency, Runtime, security of data, split migration, split-memory virtual machines, split-memory VM, transparent IDS offloading, virtual machines, Virtual machining, VM introspection, VM migration, VMemTrans
Abstract: To enable virtual machines (VMs) with a large amount of memory to be flexibly migrated, split migration has been proposed. It divides a large-memory VM into small pieces and transfers them to multiple hosts. After the migration, the VM runs across those hosts and exchanges memory data between hosts using remote paging. For such a split-memory VM, however, it becomes difficult to securely run intrusion detection systems (IDS) outside the VM using a technique called IDS offloading. This paper proposes VMemTrans to support transparent IDS offloading for split-memory VMs. In VMemTrans, an offloaded IDS can monitor a split-memory VM as if its memory were not distributed. To achieve this, VMemTrans enables an IDS running in one host to transparently access the VM's remote memory. To address the trade-off involved, it provides two methods for obtaining memory data from remote hosts: self paging and proxy paging. We have implemented VMemTrans in KVM and compared the execution performance of the two methods.
DOI: 10.1109/COMPSAC48688.2020.0-160
Citation Key: yamato_transparent_2020