Virtual Machine Introspection in Virtualization: A Security Perspective

Abstract

Virtualization technology has gained enough attention in several fields such as Cloud Computing, the Internet of Things (IoT), and software defined networking (SDN), etc. However, security issues in virtualization impose several questions on the adoption of this technology and raise strong security concerns. Most of the researchers have employed traditional security approaches in virtualization. However, these approaches are not effective enough for the modern environment. Instead, Introspection-based approaches such as Virtual Machine Introspection (VMI) are more useful to protect the virtualized environment. VMI approaches provide robust solutions in identifying the user and kernel-level processes-based attacks by positioning the security tool outside the VM. The successful implementation of these solutions is still challenging due to having heterogeneous design architectures of hypervisors. In this paper, a comprehensive study of VMI approaches is provided with the perspective of facilitating secure attack detection solutions in the virtualization environment. Various open research challenges are identified and discussed in detail. A brief discussion on the various VMI libraries is provided to give some practical insights to readers. We hope that our work will motivate researchers to work in this direction more actively.