Many current VM monitoring approaches require guest OS modifications and are unable to perform application-level monitoring, reducing their value in a cloud setting. I will present a framework that allows one to dynamically monitor applications and operating systems inside a VM. The framework does not require any changes to the guest OS, avoiding the tight coupling of monitoring with the target that is often present in other systems. Furthermore, the monitors can be customized and enabled/disabled while the VM is running. I will present some example detectors and show how the framework can be used as an emergency detector for a vulnerability.
Zak Estrada is a Ph.D. candidate in Electrical and Computer Engineering (ECE) at the University of Illinois at Urbana-Champaign. He is a member of the DEPEND research group (http://depend.csl.illinois.edu/) in the Coordinated Science Laboratory (CSL). He received his M.S. in ECE from UIUC in 2012 and has a B.S. in CompE from the Illinois Institute of Technology. His research interests include computer system security and reliability, with a current focus on cloud computing and virtualization. He is currently a Mavis Future Faculty Fellow.