Taming virtualization

Abstract

Virtualization has gained importance in the computer systems community with the revival of virtual machines (VM), driven by the efforts in industry and academia. These VM based rootkits (VMBR) work by in-setting a malicious hypervisor under the operating systems (OS) and leveraging virtualization to make themselves detectable by traditional integrity monitors. VMBR takes control of the entire OS by installing themselves as hypervisors underneath the OS and then transforming it into a VM. GuardHype is a concept for a hypervisor with a focus on security and VMBR prevention. One of its main task is to control how the user deploys virtualization, allowing the execution of legitimate third-party hypervisors but disallowing VMBRs. A user might employ virtualization to simultaneously run different OSs, debug applications, run virtual appliances, or try some other features made possible by virtualization.