2, it can be seen that the environment of VDSM typically includes Virtual Hardware, Hypervisor, Virtual Machine and DSM component.
DSM Modules: DSM is the main component of VDSM, it includes two parts of FrontDriver and BackDriver, implemented by several modules respectively.
We have implemented our prototype system of VDSM on x86 architecture and Xen 4.1.2 platform.
VDSM parse the underlying physical raw memory allocated to GVM and reconstruct high-level semantic view.
As mentioned in Section III, VDSM is designed to perform lightweight detection of rootkit.
The library makes the VDSM more modular, it is easier to recompile, and convenient to upgrade.
VDSM provides a generic, systematic methodology that can be applied to various OSes and virtualization platforms.
Third, VDSM performs the traversal of process list (lines 9-19).
Then we attach the snapshot and run VDSM in SVM to reconstruct semantic view based on the observation and analysis of GVM address space.
VDSM is deployed out of GVM and performed on virtualization level, so is trusted and has high temper-resistance.
In this section, we will evaluate VDSM using a number of different criteria: effectiveness, performance and portability.
We took 13 commonly used OS version to demonstrate its practicality and effectiveness of VDSM prototype.