Asynchronouns Notification Channel for Exploitation-Robust Secure OS on Virtual Machine Monitor

(VMM) Virtual Machine Monitor provides secure isolation between guest OS and monitoring system. Fortunately, VMM provides utilities of pause, copy and save (snapshot) of guest OS. These commands can be used for detection, prevention and forensics. To enable these utilities effectively, an asynchronous notification channel is necessary to implement to secure the system. In this paper, the authors propose an asynchronous notification channel for improving secure OS on virtual machine monitor. They design interruption mechanism specified for security incident notification of guest OS. Proposed method is applied for buffer overflow handling, LKM-rootkit profiling and MAC (Mandatory Access Control) extension.