Virtual Machine Introspection

Win, Thu Yein; Tianfield, Huaglory; Mair, Quentin; Said, Taimur Al; Rana, Omer F.

doi:10.1145/2659651.2659710

Cited by 5 publications

(1 citation statement)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, shifting the infrastructure from traditional servers to virtualization does not guarantee that the server will avoid potential failures or other new threats. Consequently, the more new features or services will deliver, more potential failures that occur such as Hang (system failure), Denial of Service (DoS), and Malware (Hidden Rootkit) [4] [5]. Virtual Machine Introspection (VMI) is a solution that can be used to solve the problems that occur in virtual machines and create a resilient computing ecosystem.…”

Section: Introductionmentioning

confidence: 99%

Towards a Resilient Server with an external VMI in the Virtualization Environment

Thakral

Bansal

2020

emitter

View full text Add to dashboard Cite

Currently, cloud computing technology is implemented by many industries in the world. This technology is very promising due to many companies only need to provide relatively smaller capital for their IT infrastructure. Virtualization is the core of cloud computing technology. Virtualization allows one physical machine to runs multiple operating systems. As a result, they do not need a lot of physical infrastructures (servers). However, the existence of virtualization could not guarantee that system failures in the guest operating system can be avoided. In this paper, we discuss the monitoring of hangs in the guest operating system in a virtualized environment without installing a monitoring agent in the guest operating system. There are a number of forensic applications that are useful for analyzing memory, CPU, and I/O, and one of it is called as LibVMI. Drakvuf, black-box binary analysis system, utilizes LibVMI to secure the guest OS. We use the LibVMI library through Drakvuf plugins to monitor processes running on the guest operating system. Therefore, we create a new plugin to Drakvuf to detect Hangs on the guest operating system running on the Xen Hypervisor. The experiment reveals that our application is able to monitor the guest operating system in real-time. However, Extended Page Table (EPT) violations occur during the monitoring process. Consequently, we need to activate the altp2m feature on Xen Hypervisor to by minimizing EPT violations.

show abstract

Section: Introductionmentioning

confidence: 99%

Towards a Resilient Server with an external VMI in the Virtualization Environment

Thakral

Bansal

2020

emitter

View full text Add to dashboard Cite

show abstract

HyBIS: Advanced Introspection for Effective Windows Guest Protection

Pietro¹,

Franzoni²,

Lombardi³

2017

ICT Systems Security and Privacy Protection

View full text Add to dashboard Cite

Abstract-Effectively protecting the Windows OS is a challenging task, since most implementation details are not publicly known. Windows has always been the main target of malwares that have exploited numerous bugs and vulnerabilities. Recent trusted boot and additional integrity checks have rendered the Windows OS less vulnerable to kernel-level rootkits. Nevertheless, guest Windows Virtual Machines are becoming an increasingly interesting attack target. In this work we introduce and analyze a novel Hypervisor-Based Introspection System (HyBIS) we developed for protecting Windows OSes from malware and rootkits. The HyBIS architecture is motivated and detailed, while targeted experimental results show its effectiveness. Comparison with related work highlights main HyBIS advantages such as: effective semantic introspection, support for 64-bit architectures and for latest Windows (8.x and 10), advanced malware disabling capabilities. We believe the research effort reported here will pave the way to further advances in the security of Windows OSes.

show abstract