X-TIER: Kernel Module Injection

Authors: Sebastian Vogl, Fatih Kilic, Christian Schneider, Claudia Eckert

DOI: 10.1007/978-3-642-38631-2_15

Keywords: x86, Computer science, Hypervisor, Overhead (computing), Semantic gap, Kernel (operating system), Virtual machine, Embedded system, Operating system, Virtualization, Storage hypervisor

Abstract: In spite of the fact that security applications can greatly benefit from virtualization, hypervisor-based solutions remain sparse. The main cause for this is the semantic gap, which makes the development of such applications cumbersome, error-prone, and time-consuming. In this paper, we present X-TIER, a framework that enables us to bridge the semantic gap by injecting kernel modules from the outside into a running virtual machine (VM). While previous approaches focused on reading objects from guest memory, X-TIER goes beyond such work and allows the injected code to manipulate the state of the guest operating system (OS) and even to call guest functions without sacrificing the overall security of the system. We have implemented a prototype on the x86 architecture that supports module injection into Windows and Linux guests. The evaluation of our prototype shows that X-TIER only incurs a very small performance overhead, leaves no traces within the guest system, and provides access to all exported OS data structures and functions. Consequently, the mechanism is well-suited for creating security applications.

References (17)
Jonas Pfoh, Christian Schneider, Claudia Eckert. Nitro: Hardware-Based System Call Tracing for Virtual Machines. Advances in Information and Computer Security, pp. 96-112 (2011). DOI: 10.1007/978-3-642-25141-2_7
Martim Carbone, Matthew Conover, Bruce Montague, Wenke Lee. Secure and Robust Monitoring of Virtual Machines through Guest-Assisted Introspection. Research in Attacks, Intrusions, and Defenses, pp. 22-41 (2012). DOI: 10.1007/978-3-642-33338-5_2
Tal Garfinkel, Mendel Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. Network and Distributed System Security Symposium (2003).
P. M. Chen, B. D. Noble. When Virtual Is Better Than Real [operating system relocation to virtual machines]. Proceedings of the Eighth Workshop on Hot Topics in Operating Systems, pp. 133-138 (2001). DOI: 10.1109/HOTOS.2001.990073
Zhongshu Gu, Zhui Deng, Dongyan Xu, Xuxian Jiang. Process Implanting: A New Active Introspection Framework for Virtualization. Symposium on Reliable Distributed Systems, pp. 147-156 (2011). DOI: 10.1109/SRDS.2011.26
Xuxian Jiang, Xinyuan Wang, Dongyan Xu. Stealthy Malware Detection and Monitoring through VMM-Based "Out-of-the-Box" Semantic View Reconstruction. ACM Transactions on Information and System Security, vol. 13, article 12 (2010). DOI: 10.1145/1698750.1698752
Martim Carbone, Weidong Cui, Long Lu, Wenke Lee, Marcus Peinado, Xuxian Jiang. Mapping Kernel Objects to Enable Systematic Integrity Checking. ACM Conference on Computer and Communications Security, pp. 555-565 (2009). DOI: 10.1145/1653662.1653729
Jonas Pfoh, Christian Schneider, Claudia Eckert. A Formal Model for Virtual Machine Introspection. Proceedings of the 1st ACM Workshop on Virtual Machine Security, pp. 1-10 (2009). DOI: 10.1145/1655148.1655150
Brendan Dolan-Gavitt, Tim Leek, Michael Zhivich, Jonathon Giffin, Wenke Lee. Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection. IEEE Symposium on Security and Privacy, pp. 297-312 (2011). DOI: 10.1109/SP.2011.11