Publication
IEEE Security and Privacy
Paper
Taming virtualization
Abstract
Virtualization has gained importance in the computer systems community with the revival of virtual machines (VMs), driven by efforts in industry and academia. These VM-based rootkits (VMBRs) work by inserting a malicious hypervisor under the operating system (OS) and leveraging virtualization to make themselves undetectable by traditional integrity monitors. VMBRs take control of the entire OS by installing themselves as hypervisors underneath the OS and then transforming it into a VM. GuardHype is a concept for a hypervisor with a focus on security and VMBR prevention. One of its main tasks is to control how the user deploys virtualization, allowing the execution of legitimate third-party hypervisors but disallowing VMBRs. A user might employ virtualization to simultaneously run different OSs, debug applications, run virtual appliances, or try some other features made possible by virtualization.