Existing solutions for identifying kernel-level rootkits do not work if the observed kernel is compromised, because the detection system runs on that same kernel. XenKIMONO tries to address this issue by isolating the detection system from the observed kernel.
XenKIMONO uses the features of Dom0 in the Xen virtual machine to isolate the detection system from the observed kernel. Dom0 is a privileged domain that runs alongside the other DomUs on top of the Xen virtual machine and has access to the DomUs.
XenKIMONO therefore tries to overcome the problem of a compromised kernel by placing the detection system in Dom0.
XenKIMONO uses several techniques to identify rootkits,