Virtualization-based security monitoring

Abstract

In recent years, virtualization technology is the novel trendy of computer architecture, and it provides a solution for security monitoring. Due to the highest privilege and the smaller trusted computing base of virtual machine monitor, security tools, deployed in an isolated virtual machine, can inspect the target virtual machine with the help of virtual machine monitor. This approach can enhance the effectiveness and anti-attack ability of security tools. From the aspect of the implementation technologies, existing research works can be classified into internal monitoring and external monitoring. According to the different targets, the related works about virtualization-based monitoring are introduced in this paper in detail, such as intrusion detection, honeypot, file integrity monitoring, malware detection and analysis, security monitoring architecture and the generality of monitoring. Finally, this paper summarizes the shortcomings of existing works, and presents the future research directions. It is significant for virtualization research and security monitoring research. ©2012 ISCAS.