Journal of Cloud Computing: Advances, Systems and Applications

Table 1 Comparison of VMI techniques

From: Virtual machine introspection: towards bridging the semantic gap

| Category | Technique | Code in guest VM | Code in secure VM | Code in VMM | VMM transparency | VMM alteration | Guest support | Advantages |
|---|---|---|---|---|---|---|---|---|
| Memory introspection | Using Xen Libraries | N | Y | Y | No | Required | PV Guests | Safety of VMI code |
| I/O Introspection | | N | N | Y | No | Required | All Types | Driver and I/O access inspection |
| System call introspection | Using VT support | N | Y | Y | No | Required | All Types | Processor support makes introspection less complicated |
| | By Hardware Rooting | N | Y | N | No | Required | All Types | Protection from DKSM attacks |
| Process introspection | Using Hooks | Y | Y | Y | Yes | Required | All Types | Reverse remote control possible |
| | Using Shadow Page Tables | Y | N | Y | Yes | Required | All Types | Trusted Introspection code execution |
| | Using CFG | Y | N | Y | Yes | Required | All Types | Novel approach for code malfunction detection |
| Other techniques | Code Injection | Y | N | Y | | Required | All Types | Secure and less prone to attacks |
| | Function Call Injection | Y | Y | Y | No | Required | All Types | Novel approach |
| | Page Flag Inspection | Y | Y | N | No | No | PV guests | Detects packed & encrypted malware |
| | Process Out-grafting | Y | Y | Y | Yes | Required | All Types | A novel approach |
| | Live Kernel Data Redirection | Y | Y | Y | Yes | Required | All Types | Choice of selection for introspection programme |
| Proposed technique | Event Injection | Y | N | Y | Yes | Required | All Types | Secure & almost every introspection code can be used |

The three "Code in ..." columns together give the location of the introspection code (Y = present, N = absent).