Virtualization sprawl has rapidly grown over the last few years. Servers and
desktops are being constantly virtualized in the name of, amongst others, resource
consolidation and cost reduction. Traditional monitoring technologies
can oer neither adequate protection nor ecient use of a system's resources;
intercommunication between virtual machines are not trivial to inspect, as
well as the internal state of each virtual machine. Tampering with virtual
machines could easily go unnoticed and rootkits, viruses and similar threats
could infect a virtual machine and act covertly due to a lack of visibility.
New solutions to thwart or mitigate those risks have made their way into the
industry. Virtual machine introspection enables external monitoring of a virtual
machine's internals using a privileged security-oriented virtual machine.
The aim of this thesis is to discuss the virtualization-related security issues
and examine traditional and modern monitoring techniques, their limitations
and the level of protection and assurance they oer. Finally we propose and
discuss a defensive concept of a mechanism that aims to distract and confuse
a potential adversary by presenting him misleading information about the
system.