Based on the work done by Tomasz Tuzel
Toolkit: [login to view URL]
Evil Hypervisor: [login to view URL]
Preso - [login to view URL]
Write a tool that detects if LibVMI is being used, report it into a log file, and also through a GUI application, browser based.
Use the ecr_toolkit to develop a tool to detect and report into a log file and also through a GUI application, browser based, that
can detect Hypervisor Introspection Attacks:
Types of Attacks:
Flush+Reload
Prime+Probe
Evict+Time
Flush+Flush
Prime+Abort
LibVMI - on Github
Create a baseline
World Switch
Hypervisor Introspection
Memory Intercessions - excessive page violations, VM-exit large overhead, large timing increase
Passive Memory Monitoring - Flush+Reload, Timing Decrease
Instruction Intercession - Wall Timing
Non-Temporal Instructions -
Suspicious timings
Timing Manipulation
Thread Racing
Detection using Increased Virtualization Exceptions #VE
VMFUNC
Prime+Abort -
Prime+Probe -
Side-Channel vulnerabilities
Non-Isolated Caching
Intel SGX is enabled/disabled
Crypto Introspection
LibVMI Introspection
Needs to work in PV, HVM and PVH mode.
I am a graduate in Computer Science. I am a honest boy with a bundle of technical skills. I hope you will find my work interesting and hire me for your job.
the further details provided by you will decide the first milestone