Process Implanting: A New Active Introspection Framework for Virtualization

Authors:
Zhongshu Gu;Zhui Deng;Dongyan Xu;Xuxian Jiang
Affiliations:
-;-;-;-
Venue:
SRDS '11 Proceedings of the 2011 IEEE 30th International Symposium on Reliable Distributed Systems
Year:
2011

Citing 0
Cited 4

Process out-grafting: an efficient "out-of-VM" approach for fine-grained process execution monitoring

Proceedings of the 18th ACM conference on Computer and communications security
EXTERIOR: using a dual-VM based external shell for guest-OS introspection, configuration, and recovery

Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
POSTER: Event-based isolation of critical data in the cloud

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Real-time deep virtual machine introspection and its applications

Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments

Quantified Score

Hi-index	0.00

Visualization

Abstract

Previous research on virtual machine introspection proposed "out-of-box" approach by moving out security tools from the guest operating system. However, compared to the traditional "in-the-box" approach, it remains a challenge to obtain a complete semantic view due to the semantic gap between the guest VM and the hyper visor. In this paper, we present Process Implanting, a new active VM introspection framework, to narrow the semantic gap by implanting a process from the host into the guest VM and executing it under the cover of an existing running process. With the protection and coordination from the hyper visor, the implanted process can run with a degree of stealthiest and exit gracefully without leaving negative impact on the guest operating system. We have designed and implemented a proof-of-concept prototype on KVM which leverages hardware virtualization. We also propose and demonstrate application scenarios for Process Implanting in the area of VM security.