The government hosts an increasing number of services in the cloud. Cloud clients may push their own virtual machine images into the cloud and this may have security implications for both clients and service hosts. Because clients control the configuration of the virtual machines, it is not always possible to install monitoring software inside the guest system. Monitoring activity may also be complicated due to the variety of configurations that clients of the cloud system may deploy. Further, cloud system administrators may not trust monitoring systems that they did not themselves develop.
Thus, there is a general need to gain introspection into the virtual machine guest systems of a cloud hypervisor to monitor the guests without modifying the guest system or the cloud hypervisor.