Understanding Threats in Hypervisor, its Forensics Mechanism and its Research Challenges

International Journal of Computer Applications
© 2015 by IJCA Journal
Volume 119 - Number 1
Year of Publication: 2015
Lalit Mohan Joshi
Mukesh Kumar
Rajendra Bharti

Lalit Mohan Joshi, Mukesh Kumar and Rajendra Bharti. Article: Understanding Threats in Hypervisor, its Forensics Mechanism and its Research Challenges. International Journal of Computer Applications 119(1):1-5, June 2015. Full text available.


Cloud computing is an emerging technology in IT that draws in more and more users. It is a revolution in the way IT resources are utilized and managed, and it is an emerging and prosperous field both academically and industrially. With its wide acceptance today, security is a vital concern. The technique behind cloud computing is virtualization, in which virtual machines operate simultaneously and the application that controls and manages them is the hypervisor. Many models for the security of virtualization have been proposed for the protection of resources, but virtualization is still vulnerable to many attacks. Hypervisor forensics is an after-the-fact approach to investigating and analyzing security threats at the hypervisor level. This research field will be beneficial for reducing the crime rate at the network level and improving security. This paper aims to understand some of the proposed models and to identify research gaps and challenges in order to provide better awareness of hypervisor forensics. The benefit of this work is that it depicts the state of the art in hypervisor forensics.

