A Disjunctive VMI Model Based on XSM

This paper analyzed the former works relevant to Virtual Machine Introspection (VMI) and found that most of the VMI applications are deployed either in the hypervisor or in privileged virtual machines (dom0). As VMI applications may also be vulnerable, it will increase the risk of hypervisor or dom0 being attacked where other critical tools such as management tools and performance monitoring tools are also deployed. To reduce the impact of VMI applications to Trusted Computing Base (TCB), we propose and implement a disjunctive VMI model based on Xen Security Model (XSM) and FLASK security architecture. By migrating the VMI applications to a separate VM, we are able to minimize the impact of VMI to TCB, while in the same time keep VMI tools working by authorizing the access to other VMs. Experiments results proved that our model is both effective and efficient.