Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring
Authors
Abstract
Security requirements in the cloud have led to the development of new monitoring techniques that can be broadly categorized as virtual machine introspection (VMI) techniques. VMI monitoring aims to provide high-fidelity monitoring while keeping the monitor secure by leveraging the isolation provided by virtualization. This work shows that not all hypervisor activity is hidden from the guest virtual machine (VM), and the guest VM can detect when the hypervisor performs an action on the guest VM, such as a VMI monitoring check. We call this technique hypervisor introspection and demonstrate how a malicious insider could utilize this technique to evade a passive VMI system.
Similar resources
Virtual Machine Introspection with Xen on ARM
In the recent years, virtual machine introspection (VMI) has become a valuable technique for developing security applications for virtualized environments. With the increasing popularity of the ARM architecture, and the recent addition of hardware virtualization extensions, there is a growing need for porting existing VMI tools. Porting these applications requires proper hypervisor support, whi...
VMI-PL: A monitoring language for virtual platforms using virtual machine introspection
With the growth of virtualization and cloud computing, more and more forensic investigations rely on being able to perform live forensics on a virtual machine using virtual machine introspection (VMI). Inspecting a virtual machine through its hypervisor enables investigation without risking contamination of the evidence, crashing the computer, etc. To further access to these techniques for the ...
Hardware assisted hypervisor introspection
In this paper, we introduce hypervisor introspection, an out-of-box way to monitor the execution of hypervisors. Similar to virtual machine introspection which has been proposed to protect virtual machines in an out-of-box way over the past decade, hypervisor introspection can be used to protect hypervisors which are the basis of cloud security. Virtual machine introspection tools are usually d...
Survey: Virtual Machine Introspection Based System Monitoring and Malware Detection Techniques
In recent years, modern malware are growing powerful. It is very common to see them subvert their victim machine’s security tools upon installation. Traditionally, one can solve this problem by moving critical security services into network so that they are isolated from monitored host and attackers. However, this will result in a poor review of what’s happening inside the host. To address this...
Hypervisor-based Security Architecture for Validating DNS Services (Poster)
Domain Name System (DNS) is one of the critical services in the current Internet infrastructure. However, DNS is vulnerable to a range of attacks. One of the fundamental weaknesses with the existing DNS protocols is that the request and response messages are transmitted on the network as plain text. This paper addresses important threats related to Domain Name System (DNS) using a hypervisor base...