Proceedings of the 18th ACM conference on Computer and communications security
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
POSTER: Event-based isolation of critical data in the cloud
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Real-time deep virtual machine introspection and its applications
Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Hi-index | 0.00 |
Previous research on virtual machine introspection proposed "out-of-box" approach by moving out security tools from the guest operating system. However, compared to the traditional "in-the-box" approach, it remains a challenge to obtain a complete semantic view due to the semantic gap between the guest VM and the hyper visor. In this paper, we present Process Implanting, a new active VM introspection framework, to narrow the semantic gap by implanting a process from the host into the guest VM and executing it under the cover of an existing running process. With the protection and coordination from the hyper visor, the implanted process can run with a degree of stealthiest and exit gracefully without leaving negative impact on the guest operating system. We have designed and implemented a proof-of-concept prototype on KVM which leverages hardware virtualization. We also propose and demonstrate application scenarios for Process Implanting in the area of VM security.