Abstract
Security requirements in the cloud have led to the development of new monitoring techniques that can be broadly categorized as virtual machine introspection (VMI) techniques. VMI monitoring aims to provide high-fidelity monitoring while keeping the monitor secure by leveraging the isolation provided by virtualization. This work shows that not all hypervisor activity is hidden from the guest virtual machine (VM), and the guest VM can detect when the hypervisor performs an action on the guest VM, such as a VMI monitoring check. We call this technique hypervisor introspection and demonstrate how a malicious insider could utilize this technique to evade a passive VMI system.
| Original language | English (US) |
|---|---|
| State | Published - 2015 |
| Event | 9th USENIX Workshop on Offensive Technologies, WOOT 2015 - Washington, United States Duration: Aug 10 2015 → Aug 11 2015 |
Conference
| Conference | 9th USENIX Workshop on Offensive Technologies, WOOT 2015 |
|---|---|
| Country/Territory | United States |
| City | Washington |
| Period | 8/10/15 → 8/11/15 |
ASJC Scopus subject areas
- Computer Networks and Communications
- Hardware and Architecture
- Information Systems
- Software