Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Home
  • Attend
    • Registration Information
    • Registration Discounts
    • Venue, Hotel, and Travel
    • Students and Grants
    • Co-Located Workshops
  • Program
  • Participate
    • Instructions for Participants
    • Call for Papers
  • Sponsorship
  • About
    • Workshop Organizers
    • Services
    • Questions
    • Help Promote!
    • Past Workshops
  • Home
  • Attend
  • Program
  • Participate
    • Instructions for Participants
    • Call for Papers
  • Sponsorship
  • About
    • Workshop Organizers
    • Services
    • Questions
    • Help Promote!
    • Past Workshops

sponsors

Bronze Sponsor

help promote

WOOT '16 button

connect with us


  •  Twitter
  •  Facebook
  •  LinkedIn
  •  Google+
  •  YouTube

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home ยป Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring
Tweet

connect with us

Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring

Authors: 

Gary Wang, Zachary J. Estrada, Cuong Pham, Zbigniew Kalbarczyk, and Ravishankar K. Iyer, University of Illinois at Urbana-Champaign

Abstract: 

Security requirements in the cloud have led to the development of new monitoring techniques that can be broadly categorized as virtual machine introspection (VMI) techniques. VMI monitoring aims to provide high-fidelity monitoring while keeping the monitor secure by leveraging the isolation provided by virtualization. This work shows that not all hypervisor activity is hidden from the guest virtual machine (VM), and the guest VM can detect when the hypervisor performs an action on the guest VM, such as a VMI monitoring check. We call this technique hypervisor introspection and demonstrate how a malicious insider could utilize this technique to evade a passive VMI system.

Gary Wang, University of Illinois at Urbana-Champaign

Zachary J. Estrada, University of Illinois at Urbana-Champaign

Cuong Pham, University of Illinois at Urbana-Champaign

Zbigniew Kalbarczyk, University of Illinois at Urbana-Champaign

Ravishankar K. Iyer, University of Illinois at Urbana-Champaign

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {191958,
author = {Gary Wang and Zachary J. Estrada and Cuong Pham and Zbigniew Kalbarczyk and Ravishankar K. Iyer},
title = {Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring},
booktitle = {9th USENIX Workshop on Offensive Technologies (WOOT 15)},
year = {2015},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/woot15/workshop-program/presentation/wang},
publisher = {USENIX Association},
month = aug,
}
Download
Wang PDF
View the slides
  • Log in or    Register to post comments

Bronze Sponsors

© USENIX

  • Privacy Policy
  • Contact Us