Difference between revisions of "Virtual Machine Introspection"

From Xen
m
Line 4: Line 4:
   
 
Also see:
 
Also see:
  +
* [https://www.youtube.com/watch?v=k0BVFyyuvRA|Virtual Machine Introspection with Xen]
  +
* [https://www.youtube.com/watch?v=nKrfsGvZgvo|VM Introspection: Practical Applications]
 
* [https://www.youtube.com/watch?v=GGjPU6jHi_w YouTube video] ([http://events.linuxfoundation.org/sites/events/files/slides/Zero-Footprint%20Guest%20Memory%20Introspection%20from%20Xen%20_%20draft11.pdf presentation])
 
* [https://www.youtube.com/watch?v=GGjPU6jHi_w YouTube video] ([http://events.linuxfoundation.org/sites/events/files/slides/Zero-Footprint%20Guest%20Memory%20Introspection%20from%20Xen%20_%20draft11.pdf presentation])
 
* [http://tklengyel.github.io/drakvuf/ DRAKVUF - Dynamic Malware Analysis] (contains a number of demos)
 
* [http://tklengyel.github.io/drakvuf/ DRAKVUF - Dynamic Malware Analysis] (contains a number of demos)
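Review bot: The two added entries separate the URL from the label with a pipe ("...watch?v=k0BVFyyuvRA|Virtual Machine Introspection with Xen"), while the unchanged entries below them use the external-link form with a space between URL and label ("[URL label]"). The pipe is not a separator in external links, so these two will not render with the intended target and label; replace the "|" with a space in both added lines.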

Revision as of 14:00, 2 November 2015

You can find an excellent introduction on the topic here.

In Xen 4.5, VM introspection using Intel EPT / AMD RVI hardware virtualization functionality was added, building on the Xen Project Hypervisor's Memory Inspection APIs introduced in 2011. This addresses a number of security issues from outside the guest OS, without relying on functionality that can be rendered unreliable by advanced malware. The approach works by using hardware support to audit access to sensitive memory areas in guests in an unobtrusive way (or, perhaps better put, with minimal overhead), and it lets control software running within a dedicated VM allow or deny attempts to access sensitive memory based on policy and security heuristics.

Also see: