Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring

@inproceedings{Wang2015HypervisorIA,
  title={Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring},
  author={Gary Wang and Zachary Estrada and Cuong Manh Pham and Zbigniew T. Kalbarczyk and Ravishankar K. Iyer},
  booktitle={WOOT},
  year={2015}
}
Security requirements in the cloud have led to the development of new monitoring techniques that can be broadly categorized as virtual machine introspection (VMI) techniques. VMI monitoring aims to provide high-fidelity monitoring while keeping the monitor secure by leveraging the isolation provided by virtualization. This work shows that not all hypervisor activity is hidden from the guest virtual machine (VM), and the guest VM can detect when the hypervisor performs an action on the guest VM… CONTINUE READING
Highly Cited
This paper has 19 citations. REVIEW CITATIONS

Citations

Publications citing this paper.
Showing 1-10 of 10 extracted citations

The Design and Implementation of Hyperupcalls

USENIX Annual Technical Conference • 2018
View 5 Excerpts
Highly Influenced

Trends of anti-analysis operations of malwares observed in API call logs

Journal of Computer Virology and Hacking Techniques • 2017
View 1 Excerpt

Trustworthy Services Built on Event-Based Probing for Layered Defense

2017 IEEE International Conference on Cloud Engineering (IC2E) • 2017
View 1 Excerpt

PIkit: A New Kernel-Independent Processor-Interconnect Rootkit

USENIX Security Symposium • 2016
View 1 Excerpt

References

Publications referenced by this paper.
Showing 1-10 of 12 references

Simplifying virtual machine introspection using libvmi

B. D. PAYNE
Tech. Rep. SAND2012-7818, Sandia National Laboratories, • 2012
View 7 Excerpts
Highly Influenced

Reliability and Security Monitoring of Virtual Machines Using Hardware Architectural Invariants

2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks • 2014
View 2 Excerpts

Mitigating access-driven timing channels in clouds using StopWatch

2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) • 2013
View 2 Excerpts

Cross-VM side channels and their use to extract private keys

ACM Conference on Computer and Communications Security • 2012
View 1 Excerpt

Similar Papers

Loading similar papers…