CIVILICA We Respect the Science
(Specialized publisher of the country's conferences / Publishing license number from the Ministry of Culture and Islamic Guidance: 8971)

A novel file integrity monitoring method via introspection virtual machine

Paper title: A novel file integrity monitoring method via introspection virtual machine
National paper ID: ECDC07_064
Published in the 7th International Conference on e-Commerce in Developing Countries with Focus on Security (ECDC2013), in 1392 (Solar Hijri calendar)
Paper authors:

Masoudeh Keshavarzi - Master’s Degree Student, Department of Computer, Payame Noor University, Tehran, Iran
Mohammad Reza Heidarinezhad - Assistant Professor, Department of Computer, Payame Noor University, Tehran, Iran

Abstract:
Nowadays, critical systems are being virtualized in the name of, amongst other things, cost savings. The file system is a usual target of malicious attacks because it contains a lot of sensitive data, such as executable programs, configuration and authorization information. If unintended changes happen to such files, they may affect the security of the related computer system. File integrity monitoring is an effective approach to discovering aggressive behavior by detecting modification actions on these sensitive files. Organizations are going to gain confidence in virtualization. Virtual machine introspection describes the method of monitoring and analyzing the state of a virtual machine from the hypervisor level. Designing security applications on top of virtualization can bring benefits over traditional computing infrastructures and practices. The semantic gap and the cost of context switches between the trusted monitor and the virtual machine being monitored are challenges for security applications based on virtualization. In this paper, we present a model for designing a real-time file integrity monitoring application in a virtual machine-based computing environment, which tries to bridge the semantic gap and reduce context switching. By comparing it with existing methods, we infer that this is a proper model for designing file integrity monitoring applications based on virtualization, and that it is feasible in many other security systems based on virtualization.

Keywords:
Virtual machine introspection; file integrity; semantic gap; context switching

Paper's dedicated page and full-text download: https://civilica.com/doc/203692/