Virtual machine introspection: towards bridging the semantic gap
  • Authors: Asit More (1)
    Shashikala Tapaswi (1)

    1. ABV- Indian Institute of Information Technology & Management; Gwalior; 474015; India
  • Keywords: Virtual machine introspection
  • Journal: Journal of Cloud Computing
  • Publication year: 2014
  • Publication date: December 2014
  • Year: 2014
  • Volume: 3
  • Issue: 1
  • Full text size: 640 KB
  • Journal subjects: Computer Communication Networks; Special Purpose and Application-Based Systems; Information Systems Applications (incl. Internet); Computer Systems Organization and Communication Networks; Computer System Implementation; Software Engineering/Programming and Operating Systems
  • Publisher: Springer Berlin Heidelberg
  • ISSN: 2192-113X
Abstract
Virtual machine introspection is a technique used to inspect and analyse the code running on a given virtual machine. Virtual machine introspection has gained considerable attention in the field of computer security research. In recent years, it has been applied in various areas, ranging from intrusion detection and malware analysis to complete cloud monitoring platforms. A survey of existing virtual machine introspection tools is necessary to address various possible research gaps and to focus on key features required for wide application of virtual machine introspection techniques. In this paper, we focus on the evolution of virtual machine introspection tools and their ability to address the semantic gap problem.
