ETD

Digital archive of theses defended at the University of Pisa

Thesis etd-09012021-161432


Thesis type
Master's thesis
Author
SUSINI, LORENZO
URN
etd-09012021-161432
Title
Hypervisor-based guest agent protection
Department
INFORMATION ENGINEERING
Degree programme
COMPUTER ENGINEERING
Supervisors
supervisor Lettieri, Giuseppe
supervisor Perazzo, Pericle
Keywords
  • linux
  • linux kernel
  • KVM
  • QEMU
  • virtualization
  • security
Session start date
24/09/2021
Availability
Full
Abstract
Nowadays, cloud computing is gaining more and more popularity. People use cloud-related services every day. Virtualization is one of the most important enabling technologies for this new kind of computing. CPUs are often equipped with features that aim to simplify the hypervisor's tasks, such as running multiple virtual machines on the same physical one. The isolation guarantees offered by virtualization can be exploited to add a layer of security to a running guest system, both to its operating system and to the applications running on it. Researchers in the past tried to achieve the same goal with systems that are completely outside the virtual machine or totally inside it. The former approach suffers from the semantic gap problem, which derives from the difficulty of reconstructing semantic information from raw, low-level data. The latter, instead, cannot easily protect itself from attackers, since it is difficult to do so from the same privilege level. This work tries to follow a hybrid approach, running security-critical and monitoring code inside the guest kernel while protecting and enforcing its execution from the hypervisor. A secured paravirtualized channel is then used to extract meaningful guest data, which can then be examined to detect intrusions or enforce further security-related policies.