Magnetic disc file operation monitoring system and monitoring method based on Xen hardware virtualization

Abstract

Provided is a magnetic disc file operation monitoring system based on Xen hardware full virtualization. The magnetic disc file operation monitoring system comprises a supervision module, an information sending module, a monitoring module and a safety module. The supervision module obtains behavior information through interception of magnetic disc file operations of a full-virtualization user operation system so as to achieve the purpose of supervision. The information sending module and the monitoring module enable the behavior information to be transmitted from a domU to a domO. The safety module guarantees operation safety of the information sending module and the monitoring module. The invention provides a monitoring method which includes the steps of intercepting and replacing call of the magnetic disc file operation system in full virtualization, determining types of monitored files, determining whether the files need to be monitored in the operation process, comprehensively determining whether a behavior needs to be monitored according to operation types, the file types and process information, obtaining the behavior information, obtaining an operation target absolute path, sending information, performing information monitoring, and detecting whether the supervision module and the information sending module are attacked when codes are operated, wherein the supervision module and the information sending module are operated under the domU. According to the magnetic disc file operation monitoring system and the monitoring method based on Xen hardware virtualization, real-time monitoring is achieved, and I/O efficiency of an Xen full-virtualization network is improved.

Description

technical field [0001] The invention relates to the technical field of computer virtualization, and further relates to the field related to the Linux kernel and the field of system security. The present invention can be used on the Xen hardware virtualization platform that client operating system is the operating system of Linux or Unix class, realizes the real-time monitoring to the disk file operation of hardware virtualization client operating system in domO, for running on the virtualization platform The disk files of the operating system and the entire virtualization platform provide security. Background technique [0002] In the computer world, "virtualization" is everywhere. Xen is an open source virtual machine project initiated by Cambridge University professor Ian Pratt. Due to its superior performance and open source, it is widely favored by the industry and is considered to be one of the most promising virtualization solutions in the future. The security issues...

AI Technical Summary

Problems solved by technology

These typical monitoring technologies or monitoring tools have the following shortcomings: the implementation and deployment of File-system integrity tools depends on intrusion detection tools, and the fact that the database of intrusion detection tools must be updated regularly makes real-time monitoring impossible. Ability to monitor disk operations and file operations in real time, and lacks necessary log information

Existing monitoring technologies cannot meet the above requirements at the same time

Images