Reliable Library Identification Using VMI Techniques

For cloud providers it is important to offer services that safeguard their users from existing vulnerabilities. Research has shown that is not uncommon for libraries to contain vulnerabilities that can have serious security implications. Traditional host based vulnerability scanners can be used to identify such vulnerable libraries. However, these scanners require the user to install and maintain the software. Our research explores the feasibility of implementing a reliable library identification scanner based on virtual machine introspection (VMI) techniques provided by LibVMI, which would not require such user intervention. We start by creating a program that combines the VMI techniques to extract a running library from a virtual machine’s memory with an implementation of a library identification method based on all the printable strings contained in the library’s binary. We then test the accuracy of our program and evaluate its performance by doing measurements of several indicators under different system loads. Our experiments show that our method can extract and accurately identify libraries within a few milliseconds.