Feng Zhao, Yali Jiang, Guofu Xiang, Hai Jin, Wenbin Jiang
Title: VRFPS: A Novel Virtual Machine-Based Real-time File Protection System
Published in: 2009 Seventh ACIS International Conference on Software Engineering Research, Management and Applications
Publication date: 2009-12-02
DOI: 10.1109/SERA.2009.23 (https://doi.org/10.1109/SERA.2009.23)
Citations: 11
Abstract
With the development of virtualization technology, file protection in virtual machines, especially in the guest OS, is becoming more and more important. Traditional host-based file protection systems keep their critical modules inside the monitored system, where they are easily explored and destroyed by malware. Moreover, to protect multiple operating systems running on the same platform, an independent file protection system must be installed in each of them, which greatly wastes computing resources and brings serious performance overhead. In this paper, a novel VM-based real-time file protection system, named VRFPS, is proposed to solve these problems. First, the virtual machine monitor introspects all file operations of the guest OS. Then, the semantic gap between disk blocks and logical files is narrowed by blktap. Finally, a virtual sandbox is implemented in the privileged domain to prevent protected files in the guest domain from being modified illegally. Our approach is highly isolated and transparent, and requires no modification of the virtual machine monitor or the guest OS. The experimental results show that the presented system is valid and has low performance overhead.