Virtual Machine Introspection

From Xen
Revision as of 15:57, 9 January 2015 by Lars.kurth (talk | contribs)

You can find an excellent introduction on the topic here.

In Xen 4.5, VM introspection using Intel EPT / AMD RVI hardware virtualization functionality was added building on Xen Project Hypervisors Memory Inspection APIs introduced in 2011. This addresses a number of security issues from outside the guest OS without relying on functionality that can be rendered unreliable by advanced malware. The approach works by auditing access of sensitive memory areas using HW support in guests in an unobtrusive way (or maybe better: with minimal overhead) and allows control software running within a dedicated VM to allow or deny attempts to access sensitive memory based on policy and security heuristics.

Also see: