Space Traveling Across VM: Automatically Bridging the Semantic Gap in Virtual Machine Introspection Via Online Kernel Data Redirection
It is generally believed to be a tedious, time-consuming, and error-prone process to develop a Virtual Machine Introspection (VMI) tool manually because of the semantic gap. Recent advances in Virtuoso show that the authors can largely narrow the semantic gap. But it still cannot completely automate the VMI tool generation. In this paper, they present VMST, an entirely new technique that can automatically bridge the semantic gap and generate the VMI tools. The key idea is that, through system wide instruction monitoring, they can automatically identify the introspection related data and redirect these data accesses to the in-guest kernel memory. VMST offers a number of new features and capabilities. Particularly, it automatically enables an in-guest inspection program to become an introspection program.