Virtualization technology has enabled powerful security monitoring techniques, such as virtual machine introspection (VMI). These monitoring techniques, however, rely on the assumed isolation of virtualized environments from the hypervisor. We show that there are still some events that can be observed that break this isolation. External observers can discern when virtual machines are suspended due to hypervisor activity, and can use this information to mount advanced attacks that go undetected by VMI monitoring systems. We demonstrate some example attacks against realistic monitors using our technique, and discuss existing and potential defenses against these kinds of attacks.
Hypervisor introspection: a technique for evading passive virtual machine monitoring