Process Implanting: A New Active Introspection Framework for Virtualization
Project Members
Zhongshu Gu, Zhui Deng, Dongyan Xu, Xuxian Jiang
Zhongshu Gu, Zhui Deng, Dongyan Xu, Xuxian Jiang
Abstract
Previous research on virtual machine introspection proposed “out-of-box” approach by moving out security
tools from the guest operating system. However, compared to
the traditional “in-the-box” approach, it remains a challenge
to obtain a complete semantic view due to the semantic gap
between the guest VM and the hypervisor.
In this paper, we present Process Implanting, a new active
VM introspection framework, to narrow the semantic gap by
implanting a process from the host into the guest VM and
executing it under the cover of an existing running process.
With the protection and coordination from the hypervisor,
the implanted process can run with a degree of stealthiness
and exit gracefully without leaving negative impact on the
guest operating system. We have designed and implemented a
proof-of-concept prototype on KVM which leverages hardware
virtualization. We also propose and demonstrate application
scenarios for Process Implanting in the area of VM security