Hypervisor introspection: A technique for evading passive virtual machine monitoring

Gary Wang, Zachary J. Estrada, Cuong Pham, Zbigniew Kalbarczyk, Ravishankar K. Iyer

Research output: Contribution to conference › Paper

Abstract

Security requirements in the cloud have led to the development of new monitoring techniques that can be broadly categorized as virtual machine introspection (VMI) techniques. VMI monitoring aims to provide high-fidelity monitoring while keeping the monitor secure by leveraging the isolation provided by virtualization. This work shows that not all hypervisor activity is hidden from the guest virtual machine (VM), and the guest VM can detect when the hypervisor performs an action on the guest VM, such as a VMI monitoring check. We call this technique hypervisor introspection and demonstrate how a malicious insider could utilize this technique to evade a passive VMI system.

Original language: English (US)
State: Published - Jan 1 2015
Event: 9th USENIX Workshop on Offensive Technologies, WOOT 2015 - Washington, United States
Duration: Aug 10 2015 to Aug 11 2015

Conference

Conference: 9th USENIX Workshop on Offensive Technologies, WOOT 2015
Country: United States
City: Washington
Period: 8/10/15 to 8/11/15

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
  • Software

  • Cite this

    Wang, G., Estrada, Z. J., Pham, C., Kalbarczyk, Z., & Iyer, R. K. (2015). Hypervisor introspection: A technique for evading passive virtual machine monitoring. Paper presented at 9th USENIX Workshop on Offensive Technologies, WOOT 2015, Washington, United States.