Abstract
Currently, cloud computing technology is implemented by many industries around the world. This technology is very promising because many companies need to provide only relatively less capital for their IT infrastructure. Virtualization is the core of cloud computing technology. Virtualization allows one physical machine to run multiple operating systems. As a result, companies do not need a lot of physical infrastructure (servers). However, virtualization does not guarantee that system failures in the guest operating system can be avoided. In this paper, we discuss the monitoring of hangs in the guest operating system in a virtualized environment without installing a monitoring agent in the guest operating system. There are a number of forensic applications that are useful for analyzing memory, CPU, and I/O, and one of them is LibVMI. Drakvuf, a black-box binary analysis system, utilizes LibVMI to secure the guest OS. We use the LibVMI library through Drakvuf plugins to monitor processes running on the guest operating system. Therefore, we create a new Drakvuf plugin to detect hangs in the guest operating system running on the Xen Hypervisor. The experiment reveals that our application is able to monitor the guest operating system in real time. However, Extended Page Table (EPT) violations occur during the monitoring process. Consequently, we need to activate the altp2m feature on the Xen Hypervisor to minimize EPT violations.