A Lightweight Hypervisor for Malware Analysis
Source: University of Illinois
Malicious software is rampant on the Internet and costs billions of dollars each year. Safe and thorough analysis of malware is key to protecting systems and cleaning those that have already been infected. This paper proposes a lightweight, hardware-supported virtualization platform purpose-built for malware analysis. Hardware virtualization makes the virtual machine monitor (VMM) difficult to detect and reduces its size and complexity. The authors further simplify their VMM by omitting virtualization features that are unnecessary for malware analysis (e.g., virtual device emulation). Their platform is more amenable than Xen or VMware to developing and deploying analysis techniques directly in the VMM. The paper describes their prototype design and implementation, and discusses the effectiveness of the various malware analysis techniques they have developed to run on their platform.