Virtual Machine Introspection with Xen on ARM
Author
Abstract
In recent years, virtual machine introspection (VMI) has become a valuable technique for developing security applications for virtualized environments. With the increasing popularity of the ARM architecture, and the recent addition of hardware virtualization extensions, there is a growing need for porting existing VMI tools. Porting these applications requires proper hypervisor support, which we have been implementing for the upcoming release of the Xen hypervisor.
Similar resources
Virtual Machine Introspection in a Hybrid Honeypot Architecture
With the recent advent of effective and practical virtual machine introspection tools, we revisit the use of hybrid honeypots as a means to implement automated malware collection and analysis. We introduce VMI-Honeymon, a high-interaction honeypot monitor which uses virtual machine memory introspection on Xen. VMI-Honeymon remains transparent to the monitored virtual machine and bypasses relianc...
Virtualizing ARM VFP (Vector Floating-Point) with Xen-ARM
VFP is a Vector Floating-Point unit in ARM processors. It enables ARM processors to handle auxiliary floating-point operations with hardware, which has become an essential part for performance in recent mobile devices. However, mobile virtualization such as Xen-ARM does not support virtual VFP, so floating point operations are very slow in mobile virtual machine. To overcome the performance lim...
Secure Observation of Kernel Behavior
Operating system kernels are difficult to understand and monitor. Hardware virtualization provides a layer where security tools can observe a kernel, but the gap between operating system abstractions and hardware accesses limits the ability of tools to comprehend the kernel’s activity. Virtual machine introspection (VMI) builds knowledge of high-level kernel state by directly accessing the memo...
Observation or Interference?
At one time, desktop computers were “one machine, one operating system, one application,” forcing users to close one application to open another—and often to spend more time waiting than doing as a result. The advent of “one machine, one operating system, many applications” let users run multiple programs simultaneously and introduced a major step forward in computational evolution. Today, vir...
Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections
Application-level firewalls block traffic based on the process that is sending or receiving the network flow. They help detect bots, worms, and backdoors that send or receive malicious packets without the knowledge of users. Recent attacks show that these firewalls can be disabled by knowledgeable attackers. To counter this threat, we develop VMwall, a fine-grained tamper-resistant process-orie...