project for asad a

Based on the work done by Tomasz Tuzel Toolkit: [login to view URL] Evil Hypervisor: [login to view URL] Preso - [login to view URL] Write a tool that detects if LibVMI is being used, report it into a log file, and also through a GUI application, browser based. Use the ecr_toolkit to develop a tool to detect and report into a log file and also through a GUI application, browser based, that can detect Hypervisor Introspection Attacks: Types of Attacks: Flush+Reload Prime+Probe Evict+Time Flush+Flush Prime+Abort LibVMI - on Github Create a baseline World Switch Hypervisor Introspection Memory Intercessions - excessive page violations, VM-exit large overhead, large timing increase Passive Memory Monitoring - Flush+Reload, Timing Decrease Instruction Intercession - Wall Timing Non-Temporal Instructions - Suspicious timings Timing Manipulation Thread Racing Detection using Increased Virtualization Exceptions #VE VMFUNC Prime+Abort - Prime+Probe - Side-Channel vulnerabilities Non-Isolated Caching Intel SGX is enabled/disabled Crypto Introspection LibVMI Introspection Needs to work in PV, HVM and PVH mode.