Virtual Machine Introspection
Virtual machine introspection (VMI) is a technique for externally monitoring the runtime state of a system-level virtual machine. Monitors can be placed in another virtual machine, within the hypervisor, or within any other part of the virtualization architecture. For virtual machine introspection, the runtime state can be defined broadly to include processor registers, memory, disk, network, and any other hardware-level events.
Virtual machine introspection was originally introduced by Garfinkel and Rosenblum  as a way to protect a security application from attack by malicious software. The reasoning behind this claim of protection is that the software interface between a virtual machine and a hypervisor is relatively small, making it easier to implement correctly and verify than the relatively larger interface...
- 1.Garfinkel T, Rosenblum M (2003) A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the network and distributed systems security symposium, February 2003Google Scholar
- 2.Payne BD, Carbone M, Lee W (2007) Secure and flexible monitoring of virtual machines. In: Proceedings of the annual computer security applications conference, December 2007Google Scholar
- 3.Payne BD, Carbone M, Sharif M, Lee W (2008) Lares: an architecture for secure active monitoring using virtualization. In: Proceedings of the IEEE symposium on security and privacy, May 2008Google Scholar
- 4.Jones ST, Arpaci-Dusseau AC, Arpaci-Dusseau RH (2006) Antfarm: tracking processes in a virtual machine environment. In: Proceedings of the USENIX annual technical conference, June 2006Google Scholar
- 5.Litty L, Lagar-Cavilla HA, Lie D (2008) Hypervisor support for identifying covertly executing binaries. In: Proceedings of the USENIX security symposium, August 2008Google Scholar
- 6.Petroni NL, Hicks M (2007) Automated detection of persistent kernel control-flow attacks. In: Proceedings of the ACM conference on computer and communications security, October 2007Google Scholar
- 8.Cozzie A, Stratton F, Xue H, King ST (2008) Digging for data structures. In: Proceedings of the USENIX symposium on operating systems design and implementation, December 2008Google Scholar
- 9.Dolan-Gavitt B, Srivastava A, Traynor P, Giffin J (2009) Robust signatures for kernel data structures. In: Proceedings of the ACM conference on computer and communications security, November 2009Google Scholar
- 10.The XenAccess virtual machine introspection library for Xen. http://www.xenaccess.org
- 11.The VMsafe virtual machine introspection library for VMware. http://www.vmware.com/go/vmsafe