Host-based virtual machine introspection (VMI) is a technique that enables monitoring virtual machines at the hypervisor layer. One of the challenges of host-based VMI is the lack of guest context. For example, a host can see network packets sent by a virtual machine, but it lacks the guest context about the process in the guest (virtual machine) that sent the network packets. Similarly, the host can see the disk block being read or written to by the virtual machine, but it lacks the guest context as to which file the disk block belongs to and which process in the guest accessed that file.
Another challenge of host-based VMI is the lack of ability to perform an action that is purely a guest construct. For example, a host can provide protection for the guest physical pages (typically code pages) by marking them as non-writable in an extended page table. Whenever the guest writes to such a page, it would result in an extended page table (EPT) violation that the hypervisor would handle and take an appropriate security action. However, the host cannot lock the guest physical page to ensure the mapping between a corresponding guest virtual page and the guest physical page stays constant in the guest.
These challenges can be solved by having an agent running in a guest that bridges the guest context gap and coordinates with a host-based VMI application. For example, an agent could intercept a “socket connect” call in the guest, capture the guest context (e.g., process information), and send it to the VMI application. When the VMI application sees a contemporaneous network packet, it can correlate the network packet with the process information received earlier. In another example, an agent can intercept a “module load” function in the guest, lock the guest physical pages corresponding to the code of a newly loaded module, and send the guest physical page numbers to the VMI application. The VMI application in turn can mark those pages as non-writable in an extended page table.
However, introducing an agent has its own set of security challenges. Malware running in a guest may disable the agent. Malware can mount a control-flow attack on the agent and fool the host-based VMI application. The communication channel between the agent and the host may be compromised. Thus, it is an imperfect solution, since the VMI application relies on the agent running in the virtual machine and trusts that it functions normally.
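As an added illustration of the agent-to-host correlation described above (a constructed example, not code from the original text; the event formats, process names, addresses and timestamps are all assumed), a host-side routine that attaches agent-reported process context to packets by connection tuple and flags packets the agent never reported, which is precisely the situation a disabled or tampered agent would produce:

```python
from dataclasses import dataclass

# Constructed sample data (assumed formats): "socket connect" interceptions
# reported by the guest agent, and packets the host-side VMI saw leave the VM.
@dataclass(frozen=True)
class ConnectEvent:
    ts: float          # guest-reported time of the connect() call
    pid: int
    image: str
    src: tuple         # (ip, port) bound in the guest
    dst: tuple         # (ip, port) the guest connected to

@dataclass(frozen=True)
class HostPacket:
    ts: float          # host time the packet was observed
    src: tuple
    dst: tuple

AGENT_EVENTS = [
    ConnectEvent(100.0, 4242, r"C:\Windows\System32\svchost.exe",
                 ("10.0.0.5", 49152), ("93.184.216.34", 443)),
    ConnectEvent(100.4, 5150, r"C:\Users\u\AppData\Local\Temp\updater.exe",
                 ("10.0.0.5", 49153), ("198.51.100.7", 8080)),
]
HOST_PACKETS = [
    HostPacket(100.1, ("10.0.0.5", 49152), ("93.184.216.34", 443)),
    HostPacket(100.5, ("10.0.0.5", 49153), ("198.51.100.7", 8080)),
    HostPacket(100.9, ("10.0.0.5", 49154), ("203.0.113.9", 9001)),  # never reported
]

def correlate(packets, events, window=2.0):
    """Attach guest process context to each host-observed packet.

    A packet is matched to the most recent agent-reported connect() with the
    same source/destination tuple at most `window` seconds earlier.  A packet
    with no matching report comes back with pid and image set to None: the
    agent either missed the call or has been disabled or subverted, so the
    host must treat the packet as unattributed rather than trusting the guest.
    """
    by_tuple = {}
    for ev in events:
        by_tuple.setdefault((ev.src, ev.dst), []).append(ev)
    results = []
    for pkt in packets:
        candidates = [ev for ev in by_tuple.get((pkt.src, pkt.dst), [])
                      if 0 <= pkt.ts - ev.ts <= window]
        ev = max(candidates, key=lambda e: e.ts) if candidates else None
        results.append((pkt, ev.pid if ev else None, ev.image if ev else None))
    return results

def unattributed(results):
    """Packets the agent never explained: the condition a host should alert on."""
    return [pkt for pkt, pid, _image in results if pid is None]
```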
There are also non-security or operational challenges to introducing an agent. An agent would need to be installed or updated in every virtual machine. The interception capability of the agent is limited to what the guest operating system offers. Operating systems like Windows® have kernel patch protection, also known as “PatchGuard,” that prevents patching the kernel. Hence, intercepting at arbitrary code locations in the kernel is not possible.