{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T12:05:15Z","timestamp":1772885115791,"version":"3.50.1"},"reference-count":127,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2013,2,1]],"date-time":"2013-02-01T00:00:00Z","timestamp":1359676800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2013,2]]},"abstract":"<jats:p>Although system virtualization is not a new paradigm, the way in which it is used in modern system architectures provides a powerful platform for system building, the advantages of which have only been realized in recent years, as a result of the rapid deployment of commodity hardware and software systems. In principle, virtualization involves the use of an encapsulating software layer (Hypervisor or Virtual Machine Monitor) which surrounds or underlies an operating system and provides the same inputs, outputs, and behavior that would be expected from an actual physical device. This abstraction means that an ideal Virtual Machine Monitor provides an environment to the software equivalent to the host system, but which is decoupled from the hardware state. Because a virtual machine is not dependent on the state of the physical hardware, multiple virtual machines may be installed on a single set of hardware. The decoupling of physical and logical states gives virtualization inherent security benefits. However, the design, implementation, and deployment of virtualization technology have also opened up novel threats and security issues which, while not particular to system virtualization, take on new forms in relation to it. Reverse engineering becomes easier due to introspection capabilities, as encryption keys, security algorithms, low-level protection, intrusion detection, or antidebugging measures can become more easily compromised. Furthermore, associated technologies such as virtual routing and networking can create challenging issues for security, intrusion control, and associated forensic processes. We explain the security considerations and some associated methodologies by which security breaches can occur, and offer recommendations for how virtualized environments can best be protected. Finally, we offer a set of generalized recommendations that can be applied to achieve secure virtualized implementations.<\/jats:p>","DOI":"10.1145\/2431211.2431216","type":"journal-article","created":{"date-parts":[[2013,3,8]],"date-time":"2013-03-08T15:00:42Z","timestamp":1362754842000},"page":"1-39","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":147,"title":["Virtualization"],"prefix":"10.1145","volume":"45","author":[{"given":"Michael","family":"Pearce","sequence":"first","affiliation":[{"name":"The University of Canterbury, Christchurch, New Zealand"}]},{"given":"Sherali","family":"Zeadally","sequence":"additional","affiliation":[{"name":"University of The District of Columbia, Washington, DC"}]},{"given":"Ray","family":"Hunt","sequence":"additional","affiliation":[{"name":"The University of Canterbury, Christchurch, New Zealand"}]}],"member":"320","published-online":{"date-parts":[[2013,3,12]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1168857.1168860"},{"key":"e_1_2_1_2_1","unstructured":"Advanced Micro Devices. 2008. AMD-VTM nested paging. http:\/\/developer.amd.com\/assets\/NPT-WP-1 1-final-TM.pdf.  Advanced Micro Devices. 2008. AMD-V TM nested paging. http:\/\/developer.amd.com\/assets\/NPT-WP-1 1-final-TM.pdf."},{"key":"e_1_2_1_3_1","unstructured":"Advanced Micro Devices. 2010. AMD virtualization (AMD-V)TM technology. http:\/\/sites.amd.com\/us\/business\/itsolutions\/virtualization\/Pages\/amd-v.aspx.  Advanced Micro Devices. 2010. AMD virtualization (AMD-V) TM technology. http:\/\/sites.amd.com\/us\/business\/itsolutions\/virtualization\/Pages\/amd-v.aspx."},{"key":"e_1_2_1_4_1","unstructured":"Athreya M. B. 2010. Subverting Linux On-the-Fly Using Hardware Virtualization Technology. http:\/\/smartech.gatech.edu\/handle\/1853\/34844.  Athreya M. B. 2010. Subverting Linux On-the-Fly Using Hardware Virtualization Technology. http:\/\/smartech.gatech.edu\/handle\/1853\/34844."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1496909.1496919"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945462"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2007.443"},{"key":"e_1_2_1_8_1","volume-title":"Proceedings of the 15th USENIX Security Symposium. 1--16","author":"Berger S.","year":"2006","unstructured":"Berger , S. , Perez , R. , Caceres , R. , Sailer , R. , Goldman , K. A. , and van Doorn , L. 2006 . vTPM: Virtualizing the trusted platform module . In Proceedings of the 15th USENIX Security Symposium. 1--16 . Berger, S., Perez, R., Caceres, R., Sailer, R., Goldman, K. A., and van Doorn, L. 2006. vTPM: Virtualizing the trusted platform module. In Proceedings of the 15th USENIX Security Symposium. 1--16."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655148.1655154"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1456482.1456491"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/265924.265930"},{"key":"e_1_2_1_12_1","volume-title":"Proceedings of Defcon 15","author":"Capelis D. J.","year":"2007","unstructured":"Capelis , D. J. 2007 . Virtualization: Enough holes to work vegas . In Proceedings of Defcon 15 . Capelis, D. J. 2007. Virtualization: Enough holes to work vegas. In Proceedings of Defcon 15."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.24"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14597-1_10"},{"key":"e_1_2_1_15_1","volume-title":"Scalable security architecture for trusted software","author":"Champagne D.","unstructured":"Champagne , D. 2010. Scalable security architecture for trusted software , Princeton University , Ph .D dissertation Princeton, NJ. Champagne, D. 2010. Scalable security architecture for trusted software, Princeton University, Ph.D dissertation Princeton, NJ."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346281.1346284"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2009.5183468"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655008.1655022"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294046.1294055"},{"key":"e_1_2_1_20_1","unstructured":"CommonCriteria. 2008. Certification report for processor resource\/system manager (PR\/SM) for the IBM system z10 EC GA1. Tech. rep. BSI-DSZ-CC-0460-2008. Informationstechnik 1--38. http:\/\/www.commoncriteriaportal.org\/files\/epfiles\/0460a.pdf.  CommonCriteria. 2008. Certification report for processor resource\/system manager (PR\/SM) for the IBM system z10 EC GA1. Tech. rep. BSI-DSZ-CC-0460-2008. Informationstechnik 1--38. http:\/\/www.commoncriteriaportal.org\/files\/epfiles\/0460a.pdf."},{"key":"e_1_2_1_21_1","volume-title":"Proceedings of Blackhat USA. http:\/\/media.blackhat.com\/bh-us-10\/presentations\/Criscione\/BlackHat-USA-2010-Criscione-Virtually-Pwned-slides.pdf.","author":"Criscione C.","year":"2010","unstructured":"Criscione , C. 2010 . Virtually pwned - Pentesting virtualization . In Proceedings of Blackhat USA. http:\/\/media.blackhat.com\/bh-us-10\/presentations\/Criscione\/BlackHat-USA-2010-Criscione-Virtually-Pwned-slides.pdf. Criscione, C. 2010. Virtually pwned - Pentesting virtualization. In Proceedings of Blackhat USA. http:\/\/media.blackhat.com\/bh-us-10\/presentations\/Criscione\/BlackHat-USA-2010-Criscione-Virtually-Pwned-slides.pdf."},{"key":"e_1_2_1_22_1","unstructured":"Dai Zovi D. A. 2006. Hardware virtualization rootkits. http:\/\/www.orkspace.net\/secdocs\/Conferences\/BlackHat\/USA\/2006\/Hardware Virtualization Based Rootkits.pdf.  Dai Zovi D. A. 2006. Hardware virtualization rootkits. http:\/\/www.orkspace.net\/secdocs\/Conferences\/BlackHat\/USA\/2006\/Hardware Virtualization Based Rootkits.pdf."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1496909.1496918"},{"key":"e_1_2_1_24_1","volume-title":"Proceedings of the Spring Simulation Multiconference. Society for Computer Simulation International, 828--835","author":"Dewan P.","unstructured":"Dewan , P. , Durham , D. , Khosravi , H. , Long , M. , and Nagabhushan , G . 2008. A hypervisor-based system for protecting software runtime memory and persistent storage . In Proceedings of the Spring Simulation Multiconference. Society for Computer Simulation International, 828--835 . Dewan, P., Durham, D., Khosravi, H., Long, M., and Nagabhushan, G. 2008. A hypervisor-based system for protecting software runtime memory and persistent storage. In Proceedings of the Spring Simulation Multiconference. Society for Computer Simulation International, 828--835."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICPPW.2005.77"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1618525.1618534"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-008-0109-x"},{"key":"e_1_2_1_29_1","unstructured":"Ferrie P. 2007a. Attacks on more virtual machine emulators. http:\/\/pferrie.tripod.com\/papers\/attacks2.pdf.  Ferrie P. 2007a. Attacks on more virtual machine emulators. http:\/\/pferrie.tripod.com\/papers\/attacks2.pdf."},{"key":"e_1_2_1_30_1","unstructured":"Ferrie P. 2007b. Attacks on virtual machine emulators. http:\/\/www.symantec.com\/avcenter\/reference\/Virtual_Machine_Threats.pdf.  Ferrie P. 2007b. Attacks on virtual machine emulators. http:\/\/www.symantec.com\/avcenter\/reference\/Virtual_Machine_Threats.pdf."},{"key":"e_1_2_1_31_1","unstructured":"Ferrie P. Hapi H. and Joy J. O. Y. 2006. Virus analysis tumours and polips. Virus Bull. 4--8.  Ferrie P. Hapi H. and Joy J. O. Y. 2006. Virus analysis tumours and polips. Virus Bull. 4--8."},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.166"},{"key":"e_1_2_1_33_1","unstructured":"Franklin J Seshadri A Qu N Chaki S. and Datta A. 2008a. Attacking repairing and verifying SecVisor: A retrospective on the security of a hypervisor. Cylab Tech. rep. CMU-CyLab-08-008.  Franklin J Seshadri A Qu N Chaki S. and Datta A. 2008a. Attacking repairing and verifying SecVisor: A retrospective on the security of a hypervisor. Cylab Tech. rep. CMU-CyLab-08-008."},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368506.1368518"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/961053.961092"},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of the 10th Conference on Hot Topics in Operating Systems (HOTOS'05)","volume":"10","author":"Garfinkel T","unstructured":"Garfinkel , T , and Rosenblum , M . 2005. When virtual is harder than real: Security challenges in virtual machine based computing environments . In Proceedings of the 10th Conference on Hot Topics in Operating Systems (HOTOS'05) . Vol. 10 , ACM Press, 6. Garfinkel, T, and Rosenblum, M. 2005. When virtual is harder than real: Security challenges in virtual machine based computing environments. In Proceedings of the 10th Conference on Hot Topics in Operating Systems (HOTOS'05). Vol. 10, ACM Press, 6."},{"key":"e_1_2_1_37_1","volume-title":"Proceedings of the 11th USENIX Workshop on Hot Topics in Operating Systems. USENIX Association, 1--6.","author":"Garfinkel T.","unstructured":"Garfinkel , T. , Adams , K. , Warfield , A. , and Franklin , J . 2007. Compatibility is not transparency: VMM detection myths and realities . In Proceedings of the 11th USENIX Workshop on Hot Topics in Operating Systems. USENIX Association, 1--6. Garfinkel, T., Adams, K., Warfield, A., and Franklin, J. 2007. Compatibility is not transparency: VMM detection myths and realities. In Proceedings of the 11th USENIX Workshop on Hot Topics in Operating Systems. USENIX Association, 1--6."},{"key":"e_1_2_1_38_1","volume-title":"Proceedings of the Network and Distributed Systems Security Symposium.","volume":"1","author":"Garfinkel T.","unstructured":"Garfinkel , T. and Rosenblum , M . 2003. A virtual machine introspection based architecture for intrusion detection . In Proceedings of the Network and Distributed Systems Security Symposium. Vol. 1 . 253--285. Garfinkel, T. and Rosenblum, M. 2003. A virtual machine introspection based architecture for intrusion detection. In Proceedings of the Network and Distributed Systems Security Symposium. Vol. 1. 253--285."},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(08)70128-4"},{"key":"e_1_2_1_40_1","volume-title":"Proceedings of the 3rd Asia Pacific Trusted Infrastructure Technologies Conference. 19--29","author":"Gebhardt C","unstructured":"Gebhardt , C , and Tomlinson , A . 2008. Security consideration for virtualization. Tech. rep. RHUL--MA--2008--16 . In Proceedings of the 3rd Asia Pacific Trusted Infrastructure Technologies Conference. 19--29 . Gebhardt, C, and Tomlinson, A. 2008. Security consideration for virtualization. Tech. rep. RHUL--MA--2008--16. In Proceedings of the 3rd Asia Pacific Trusted Infrastructure Technologies Conference. 19--29."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/800122.803950"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.1974.6323581"},{"key":"e_1_2_1_43_1","volume-title":"Proceedings of the 1st IEEE Workshop on Hot Topics in System Dependability.","author":"Griffin J. L.","year":"2005","unstructured":"Griffin , J. L. , Jaeger , T. , Perez , R. , Sailer , R. , van Doorn , L. , 2005 . Trusted virtual domains: Toward secure distributed services . In Proceedings of the 1st IEEE Workshop on Hot Topics in System Dependability. Griffin, J. L., Jaeger, T., Perez, R., Sailer, R., van Doorn, L., et al. 2005. Trusted virtual domains: Toward secure distributed services. In Proceedings of the 1st IEEE Workshop on Hot Topics in System Dependability."},{"key":"e_1_2_1_44_1","doi-asserted-by":"crossref","unstructured":"Gueron S. and Seifert J. P. 2009. On the impossibility of detecting virtual machine monitors. Emerg. Challen. Secur. Privacy Trust 297. Springer 143--151.  Gueron S. and Seifert J. P. 2009. On the impossibility of detecting virtual machine monitors. Emerg. Challen. Secur. Privacy Trust 297. Springer 143--151.","DOI":"10.1007\/978-3-642-01244-0_13"},{"key":"e_1_2_1_45_1","volume-title":"Proceedings of the 3rd Conference on Virtual Machine Research and Technology Symposium. USENIX.","author":"Haldar V.","unstructured":"Haldar , V. , Chandra , D. , and Franz , M . 2004. Semantic remote attestation\u2014A virtual machine directed approach to trusted computing . In Proceedings of the 3rd Conference on Virtual Machine Research and Technology Symposium. USENIX. Haldar, V., Chandra, D., and Franz, M. 2004. Semantic remote attestation\u2014A virtual machine directed approach to trusted computing. In Proceedings of the 3rd Conference on Virtual Machine Research and Technology Symposium. USENIX."},{"key":"e_1_2_1_46_1","unstructured":"Intel. 2003. Intel\u00ae Trusted Execution Technology Architectural Overview. http:\/\/www.intel.com\/technology\/security\/downloads\/arch-overview.pdf  Intel. 2003. Intel\u00ae Trusted Execution Technology Architectural Overview. http:\/\/www.intel.com\/technology\/security\/downloads\/arch-overview.pdf"},{"key":"e_1_2_1_47_1","unstructured":"Intel. 2009. Intel\u00ae trusted execution technology (Intel\u00ae TXT) software development guide. architecture.  Intel. 2009. Intel\u00ae trusted execution technology (Intel\u00ae TXT) software development guide. architecture."},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/1278480.1278482"},{"key":"e_1_2_1_49_1","volume-title":"Proceedings of the International Scientific Conference Computer Science. 335--339","author":"Ivanov I.","unstructured":"Ivanov , I. and Gueorguiev , V . 2008. Operating systems virtualisation and security-modern aspects and an open trusted computing project . In Proceedings of the International Scientific Conference Computer Science. 335--339 . Ivanov, I. and Gueorguiev, V. 2008. Operating systems virtualisation and security-modern aspects and an open trusted computing project. In Proceedings of the International Scientific Conference Computer Science. 335--339."},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/1266840.1266853"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-85571-2_6"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1516241.1516310"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1346256.1346269"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.119"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.38"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/ATNAC.2009.5464964"},{"key":"e_1_2_1_57_1","unstructured":"Kortchinsky K. 2009. Cloudburst\u2014A VMware guest to host escape story. http:\/\/www.blackhat.com\/presentations\/bh-usa-09\/KORTCHINSKY\/BHUSA09-Kortchinsky-Cloudburst-SLIDES.pdf.  Kortchinsky K. 2009. Cloudburst\u2014A VMware guest to host escape story. http:\/\/www.blackhat.com\/presentations\/bh-usa-09\/KORTCHINSKY\/BHUSA09-Kortchinsky-Cloudburst-SLIDES.pdf."},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/1064979.1065006"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/1815695.1815717"},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/185403.185412"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.5555\/1018420.1019724"},{"key":"e_1_2_1_62_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society.","author":"Lindqvist U.","unstructured":"Lindqvist , U. and Jonsson , E . 1997. How to systematically classify computer security intrusions . In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society. Lindqvist, U. and Jonsson, E. 1997. How to systematically classify computer security intrusions. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society."},{"key":"e_1_2_1_63_1","volume-title":"Proceedings of the SANSFIRE Conference. 1--27","author":"Liston T.","unstructured":"Liston , T. and Skoudis , E . 2006. On the cutting edge: Thwarting virtual machine detection . In Proceedings of the SANSFIRE Conference. 1--27 . Liston, T. and Skoudis, E. 2006. On the cutting edge: Thwarting virtual machine detection. In Proceedings of the SANSFIRE Conference. 1--27."},{"key":"e_1_2_1_64_1","volume-title":"Department of Computer Science","author":"Litty L.","unstructured":"Litty , L. 2005. Hypervisor-Based intrusion detection. Master's thesis , Department of Computer Science , University of Toronto , Canada. Litty, L. 2005. Hypervisor-Based intrusion detection. Master's thesis, Department of Computer Science, University of Toronto, Canada."},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/1181309.1181311"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/800122.803961"},{"key":"e_1_2_1_67_1","volume-title":"Proceedings of the IASTED International Conference on Communication, Network and Information Security. 170--181","author":"Matthews J. N.","unstructured":"Matthews , J. N. , Herne , J. J. , Deshane , T. M. , Jablonski , P. A. , Cherian , L. R. , and Mccabe , M. T . 2005. Data protection and rapid recovery from attack with a virtual private file server and virtual machine appliances . In Proceedings of the IASTED International Conference on Communication, Network and Information Security. 170--181 . Matthews, J. N., Herne, J. J., Deshane, T. M., Jablonski, P. A., Cherian, L. R., and Mccabe, M. T. 2005. Data protection and rapid recovery from attack with a virtual private file server and virtual machine appliances. In Proceedings of the IASTED International Conference on Communication, Network and Information Security. 170--181."},{"key":"e_1_2_1_68_1","unstructured":"Microsoft. 2010. Microsoft security development lifecycle (SDL) threat modeling tool. http:\/\/www. microsoft.com\/security\/sdl\/adopt\/threatmodeling.aspx.  Microsoft. 2010. Microsoft security development lifecycle (SDL) threat modeling tool. http:\/\/www. microsoft.com\/security\/sdl\/adopt\/threatmodeling.aspx."},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294046.1294107"},{"key":"e_1_2_1_70_1","unstructured":"MSDN. 2010. Windows virtual pc interfaces. http:\/\/msdn.microsoft.com\/enus\/library\/dd796756(VS.85).aspx.  MSDN. 2010. Windows virtual pc interfaces. http:\/\/msdn.microsoft.com\/enus\/library\/dd796756(VS.85).aspx."},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.134"},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1109\/28.297924"},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2010.11"},{"key":"e_1_2_1_74_1","unstructured":"Omella A. A. 2006. Methods for virtual machine detection. Grupo S21sec Gesti\u00f3n SA. http:\/\/www.s21sec.com\/descargas\/vmware-eng.pdf.  Omella A. A. 2006. Methods for virtual machine detection. Grupo S21sec Gesti\u00f3n SA. http:\/\/www.s21sec.com\/descargas\/vmware-eng.pdf."},{"key":"e_1_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.40"},{"key":"e_1_2_1_76_1","volume-title":"Proceedings of the CanSecWest Applied Security Conference. 1--10","author":"Ormandy T.","year":"2007","unstructured":"Ormandy , T. 2007 . An empirical study into the security exposure to hosts of hostile virtualized environments . In Proceedings of the CanSecWest Applied Security Conference. 1--10 . Ormandy, T. 2007. An empirical study into the security exposure to hosts of hostile virtualized environments. In Proceedings of the CanSecWest Applied Security Conference. 1--10."},{"key":"e_1_2_1_77_1","unstructured":"OWASP. 2010. (Open Web Application Security Project) OWASP threat risk modeling. http:\/\/www.owasp.org\/index.php\/Threat_Risk_Modeling.  OWASP. 2010. (Open Web Application Security Project) OWASP threat risk modeling. http:\/\/www.owasp.org\/index.php\/Threat_Risk_Modeling."},{"key":"e_1_2_1_78_1","volume-title":"Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC'07)","author":"Payne B. D.","unstructured":"Payne , B. D. , Carbone , M. D. P. D. A. , and Lee , W . 2007. Secure and flexible monitoring of virtual machines . In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC'07) . IEEE, 385--397. Payne, B. D., Carbone, M. D. P. D. A., and Lee, W. 2007. Secure and flexible monitoring of virtual machines. In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC'07). IEEE, 385--397."},{"key":"e_1_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.135"},{"key":"e_1_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1145\/1063786.1063789"},{"key":"e_1_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/945445.945464"},{"key":"e_1_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/361011.361073"},{"key":"e_1_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2008.472"},{"key":"e_1_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.5555\/2396231.2396233"},{"key":"e_1_2_1_86_1","volume-title":"Proceedings of the International Workshop on Unanticipated Software Evolution. 1--18","author":"Rashid A.","unstructured":"Rashid , A. , Mens , T. , Buckley , J. , and Zenger , M . 2003. Towards a taxonomy of software evolution . In Proceedings of the International Workshop on Unanticipated Software Evolution. 1--18 . Rashid, A., Mens, T., Buckley, J., and Zenger, M. 2003. Towards a taxonomy of software evolution. In Proceedings of the International Workshop on Unanticipated Software Evolution. 1--18."},{"key":"e_1_2_1_87_1","unstructured":"Reuben J. 2007. A survey on virtual machine security. http:\/\/www.tml.tkk.fi\/Publications\/C\/25\/papers\/Reuben_final.pdf.  Reuben J. 2007. A survey on virtual machine security. http:\/\/www.tml.tkk.fi\/Publications\/C\/25\/papers\/Reuben_final.pdf."},{"key":"e_1_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653687"},{"key":"e_1_2_1_89_1","unstructured":"Rose R. 2004. Survey of system virtualization techniques. http:\/\/www.robertwrose.com\/vita\/rose-virtualization.pdf.  Rose R. 2004. Survey of system virtualization techniques. http:\/\/www.robertwrose.com\/vita\/rose-virtualization.pdf."},{"key":"e_1_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2005.176"},{"key":"e_1_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1145\/356556.356559"},{"key":"e_1_2_1_92_1","unstructured":"Rutkowska J. and Tereshkin A. 2008. Bluepilling the xen hypervisor. http:\/\/invisiblethingslab.com\/bh08\/part3.pdf.  Rutkowska J. and Tereshkin A. 2008. Bluepilling the xen hypervisor. http:\/\/invisiblethingslab.com\/bh08\/part3.pdf."},{"key":"e_1_2_1_93_1","unstructured":"Rutkowska J. 2006. Subverting vista kernel for fun and profit. http:\/\/www.blackhat.com\/presentations\/bh-usa-06\/BH-US-06-Rutkowska.pdf.  Rutkowska J. 2006. Subverting vista kernel for fun and profit. http:\/\/www.blackhat.com\/presentations\/bh-usa-06\/BH-US-06-Rutkowska.pdf."},{"key":"e_1_2_1_94_1","volume-title":"In13th USENIX Security Symposium.","volume":"8","author":"Sailer R","year":"2004","unstructured":"Sailer , R , Zhang , X. , Jaeger , T. , and van Doorn , L. 2004 . Design and Implementation of a tcg-based integrity measurement architecture . In13th USENIX Security Symposium. Vol. 8 . Sailer, R, Zhang, X., Jaeger, T., and van Doorn, L. 2004. Design and Implementation of a tcg-based integrity measurement architecture. In13th USENIX Security Symposium. Vol. 8."},{"key":"e_1_2_1_95_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2005.13"},{"key":"e_1_2_1_96_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2009.07.001"},{"key":"e_1_2_1_97_1","first-page":"20","article-title":"Virtualisation worries","volume":"5","author":"Security N.","year":"2010","unstructured":"Security , N. 2010 . Virtualisation worries . Netw. Secur. 5 , 20 . Security, N. 2010. Virtualisation worries. Netw. Secur. 5, 20.","journal-title":"Netw. Secur."},{"key":"e_1_2_1_98_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294294"},{"key":"e_1_2_1_99_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653720"},{"key":"e_1_2_1_100_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542207.1542209"},{"key":"e_1_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(07)70092-2"},{"key":"e_1_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2005.173"},{"key":"e_1_2_1_103_1","doi-asserted-by":"publisher","DOI":"10.1145\/1815961.1816003"},{"key":"e_1_2_1_104_1","unstructured":"Sourceforge. 2010. Integrity measurement architecture (IMA) - SourceForge.net. http:\/\/sourceforge.net\/projects\/linux-ima\/.  Sourceforge. 2010. Integrity measurement architecture (IMA) - SourceForge.net. http:\/\/sourceforge.net\/projects\/linux-ima\/."},{"key":"e_1_2_1_105_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2005.05.006"},{"key":"e_1_2_1_106_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2010.07.006"},{"key":"e_1_2_1_107_1","volume-title":"Proceedings of the Usenix Annual Technical Conference.","volume":"7","author":"Sugerman J.","unstructured":"Sugerman , J. , Venkitachalam , G. , and Lim , B . -hong. 2001. Virtualizing i\/o devices on vmware workstation's hosted virtual machine monitor . In Proceedings of the Usenix Annual Technical Conference. Vol. 7 . USENIX Association, 1--15. Sugerman, J., Venkitachalam, G., and Lim, B.-hong. 2001. Virtualizing i\/o devices on vmware workstation's hosted virtual machine monitor. In Proceedings of the Usenix Annual Technical Conference. Vol. 7. USENIX Association, 1--15."},{"key":"e_1_2_1_108_1","unstructured":"TCG. 2010. Trusted computing group. http:\/\/www.trustedcomputinggroup.org\/.  TCG. 2010. Trusted computing group. http:\/\/www.trustedcomputinggroup.org\/."},{"key":"e_1_2_1_109_1","volume-title":"Proceedings of the 1st International Conference Future of Trust in Computing. 197","author":"Tomlinson C.","year":"2009","unstructured":"Tomlinson , C. 2009 . Trusted virtual disk images . In Proceedings of the 1st International Conference Future of Trust in Computing. 197 . Tomlinson, C. 2009. Trusted virtual disk images. In Proceedings of the 1st International Conference Future of Trust in Computing. 197."},{"key":"e_1_2_1_110_1","unstructured":"Trusted Computing Group. 2007. TPM Main Part 1 Design Principles Version 1.2 (Level 2 Revision 103). ReVision 182.  Trusted Computing Group. 2007. TPM Main Part 1 Design Principles Version 1.2 (Level 2 Revision 103). ReVision 182."},{"key":"e_1_2_1_111_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2005.163"},{"key":"e_1_2_1_112_1","volume-title":"Security considerations of commodity x86 virtualization","author":"Vaarala S.","unstructured":"Vaarala , S. 2006. Security considerations of commodity x86 virtualization . Helsinki University of Technology-Telecommunications . Vaarala, S. 2006. Security considerations of commodity x86 virtualization. Helsinki University of Technology-Telecommunications."},{"key":"e_1_2_1_113_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSE.2009.267"},{"key":"e_1_2_1_114_1","volume-title":"Proceedings of the 16th International Symposium on High-Performance Computer Architecture. IEEE, 1--10","author":"Vasan A.","unstructured":"Vasan , A. , Sivasubramaniam , A. , Shimpi , V. , Sivabalan , T. , and Subbiah , R . 2010. Worth their watts&quest; An empirical study of datacenter servers . In Proceedings of the 16th International Symposium on High-Performance Computer Architecture. IEEE, 1--10 . Vasan, A., Sivasubramaniam, A., Shimpi, V., Sivabalan, T., and Subbiah, R. 2010. Worth their watts&quest; An empirical study of datacenter servers. In Proceedings of the 16th International Symposium on High-Performance Computer Architecture. IEEE, 1--10."},{"key":"e_1_2_1_115_1","doi-asserted-by":"publisher","DOI":"10.5555\/1875652.1875663"},{"key":"e_1_2_1_116_1","unstructured":"VMware. 2010. VIX API. http:\/\/www.vmware.com\/support\/developer\/vix-api\/.  VMware. 2010. VIX API. http:\/\/www.vmware.com\/support\/developer\/vix-api\/."},{"key":"e_1_2_1_117_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISME.2010.176"},{"key":"e_1_2_1_118_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.20"},{"key":"e_1_2_1_119_1","doi-asserted-by":"publisher","DOI":"10.1145\/1273440.1250723"},{"key":"e_1_2_1_120_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2005.169"},{"key":"e_1_2_1_121_1","volume-title":"1st Conference on Computer Security Incident Handling.","volume":"20","author":"Wimmer M.","year":"2008","unstructured":"Wimmer , M. 2008 . Virtual security . In 1st Conference on Computer Security Incident Handling. Vol. 20 . Wimmer, M. 2008. Virtual security. In 1st Conference on Computer Security Incident Handling. Vol. 20."},{"key":"e_1_2_1_122_1","volume-title":"Virtualization: A double-edged sword","author":"Wlodarz J. J.","year":"2007","unstructured":"Wlodarz , J. J. 2007 . Virtualization: A double-edged sword . http:\/\/arxiv.org\/abs\/0705.2786. Wlodarz, J. J. 2007. Virtualization: A double-edged sword. http:\/\/arxiv.org\/abs\/0705.2786."},{"key":"e_1_2_1_123_1","unstructured":"Wojtczuk R. and Rutkowska J. 2009. Attacking intel trusted execution technology. http:\/\/www. invisiblethingslab.com\/resources\/bh09dc\/Attacking Intel TXT-paper.pdf.  Wojtczuk R. and Rutkowska J. 2009. Attacking intel trusted execution technology. http:\/\/www. invisiblethingslab.com\/resources\/bh09dc\/Attacking Intel TXT-paper.pdf."},{"key":"e_1_2_1_124_1","unstructured":"Wu X. and Ma W. 2010. Hypervisor based detection and prevention for packed malware. http:\/\/www. ece.tamu.edu\/~tristanw\/files\/Wu_Xiaojian_Ma_Weiqin_Report.pdf.  Wu X. and Ma W. 2010. Hypervisor based detection and prevention for packed malware. http:\/\/www. ece.tamu.edu\/~tristanw\/files\/Wu_Xiaojian_Ma_Weiqin_Report.pdf."},{"key":"e_1_2_1_125_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04342-0_16"},{"key":"e_1_2_1_126_1","unstructured":"Yamahata I. 2008. Paravirt_ops on IA64. Kernel.org. http:\/\/www.kernel.org\/doc\/Documentation\/ia64\/paravirt_ops.txt.  Yamahata I. 2008. Paravirt_ops on IA64. Kernel.org. http:\/\/www.kernel.org\/doc\/Documentation\/ia64\/paravirt_ops.txt."},{"key":"e_1_2_1_127_1","doi-asserted-by":"publisher","DOI":"10.1109\/ChinaGrid.2010.47"},{"key":"e_1_2_1_128_1","first-page":"385","article-title":"Real security in virtual systems: A proposed model for a comprehensive approach to securing virtualized environments","author":"Yunis M.","year":"2008","unstructured":"Yunis , M. and Hughes , J. 2008 . Real security in virtual systems: A proposed model for a comprehensive approach to securing virtualized environments . Issues Inf. Syst. IX , 2, 385 -- 395 . Yunis, M. and Hughes, J. 2008. Real security in virtual systems: A proposed model for a comprehensive approach to securing virtualized environments. Issues Inf. Syst. IX, 2, 385--395.","journal-title":"Issues Inf. Syst."}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2431211.2431216","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2431211.2431216","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T08:35:23Z","timestamp":1750235723000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2431211.2431216"}},"subtitle":["Issues, security threats, and solutions"],"short-title":[],"issued":{"date-parts":[[2013,2]]},"references-count":127,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2013,2]]}},"alternative-id":["10.1145\/2431211.2431216"],"URL":"https:\/\/doi.org\/10.1145\/2431211.2431216","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,2]]},"assertion":[{"value":"2011-01-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2011-09-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2013-03-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}