VMM-based Process Shepherding
Processes in commodity operating systems are "Wild" in nature: they are usually granted excessive privileges, yet can be easily compromised and abused. Unfortunately, because commodity operating systems are big and complex, and thus inherently untrusted, monitoring process behaviors from within them is inherently insecure and could be circumvented or tampered with. In this paper, the authors present an approach, named VMM-based process shepherding, to prevent, detect and isolate harmful behaviors (e.g. intrusions) of wild processes. The key idea of their approach is to use a Virtual Machine Monitor (VMM) to shepherd all privileged operations made by a wild process, in terms of system calls.