Leveraging Forensic Tools for Virtual Machine Introspection

Authors: Brendan Dolan-Gavitt, Wenke Lee, Bryan Payne

DOI:

Keywords: Digital forensics, Software, Isolation (database systems), Semantic gap, Computer science, Virtual machine introspection, Data science, Virtualization, World Wide Web, Interface (Java), Field (computer science)

Abstract: Virtual machine introspection (VMI) has formed the basis of a number of novel approaches to security in recent years. Although the isolation provided by a fully virtualized environment improves security, software that makes use of VMI must overcome the semantic gap, reconstructing high-level state information from low-level data sources such as physical memory. The digital forensics community has likewise grappled with semantic gap problems in the field of forensic memory analysis (FMA), which seeks to extract forensically relevant information from dumps of physical memory. In this paper, we show that work done by the forensic community is directly applicable to the VMI problem, and that by providing an interface between the two worlds, the difficulty of developing new virtualization security solutions can be significantly reduced.
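The semantic-gap step the abstract describes, reconstructing a process list from raw physical memory with an OS-specific structure profile and then cross-checking it against a signature scan of the same memory (the forensic technique of Schuster's "searching for processes" paper), shown as an added example. This is illustrative code written for this page, not code from the paper, Volatility or any VMI tool; the structure layout, the `Proc` tag, the list-head address and the sample image are all constructed for the example and are not real Windows or Linux offsets.

```python
import struct
from dataclasses import dataclass

# Constructed profile for a hypothetical process structure. The offsets are
# invented for this example; they are NOT real EPROCESS or task_struct offsets.
# A real tool loads one such profile per OS build, exactly as FMA tools do.
TAG = b"Proc"
PROFILE = {"size": 40, "flink": 4, "blink": 8, "pid": 12, "name": 16, "name_len": 16}
IMAGE_SIZE = 0x1000
LIST_HEAD = 0x100   # assumed known from a kernel symbol (e.g. a PsActiveProcessHead analogue)


@dataclass
class Proc:
    addr: int
    pid: int
    name: str


def _read_u32(image, off):
    return struct.unpack_from("<I", image, off)[0]


def parse_proc(image, addr):
    """Apply the profile to raw bytes at a physical address: the semantic-gap step."""
    if addr + PROFILE["size"] > len(image):
        raise ValueError(f"block at {addr:#x} runs past end of image")
    pid = _read_u32(image, addr + PROFILE["pid"])
    raw = image[addr + PROFILE["name"]: addr + PROFILE["name"] + PROFILE["name_len"]]
    return Proc(addr, pid, raw.split(b"\0", 1)[0].decode("ascii", "replace"))


def build_image(procs, hidden_pid=None):
    """Construct a fake physical memory image holding a circular doubly linked process
    list. If hidden_pid is given, that entry is unlinked from the list (DKOM-style) while
    its block stays in memory, which is what a process-hiding rootkit leaves behind."""
    img = bytearray(IMAGE_SIZE)
    img[LIST_HEAD:LIST_HEAD + 4] = b"Head"
    nodes = [LIST_HEAD] + [a for a, _, _ in procs]
    for i, addr in enumerate(nodes):
        nxt, prv = nodes[(i + 1) % len(nodes)], nodes[(i - 1) % len(nodes)]
        struct.pack_into("<II", img, addr + PROFILE["flink"], nxt, prv)
    for addr, pid, name in procs:
        img[addr:addr + 4] = TAG
        struct.pack_into("<I", img, addr + PROFILE["pid"], pid)
        field = addr + PROFILE["name"]
        img[field:field + PROFILE["name_len"]] = name.encode().ljust(PROFILE["name_len"], b"\0")
    if hidden_pid is not None:
        victim = next(a for a, p, _ in procs if p == hidden_pid)
        prev_addr = _read_u32(img, victim + PROFILE["blink"])
        next_addr = _read_u32(img, victim + PROFILE["flink"])
        struct.pack_into("<I", img, prev_addr + PROFILE["flink"], next_addr)
        struct.pack_into("<I", img, next_addr + PROFILE["blink"], prev_addr)
    return bytes(img)


def walk_list(image, head=LIST_HEAD, max_nodes=1024):
    """Guest-style view: follow flink pointers from the list head. An unlinked process is
    invisible here, just as it is to tools running inside the guest. Pointers are bounds-
    and cycle-checked because a malicious guest controls every value we read."""
    seen, out = set(), []
    cur = _read_u32(image, head + PROFILE["flink"])
    while cur != head:
        if cur in seen or cur + PROFILE["size"] > len(image) or len(out) >= max_nodes:
            raise ValueError(f"process list corrupted or cyclic at {cur:#x}")
        seen.add(cur)
        out.append(parse_proc(image, cur))
        cur = _read_u32(image, cur + PROFILE["flink"])
    return out


def scan_tags(image):
    """Forensic-style view: carve every block carrying the structure's tag, whether or
    not anything still points to it."""
    out, off = [], image.find(TAG)
    while off != -1:
        if off + PROFILE["size"] <= len(image):
            out.append(parse_proc(image, off))
        off = image.find(TAG, off + 1)
    return out


def hidden_processes(image):
    """Cross-view detection: anything the scan finds that the list walk does not."""
    listed = {p.pid for p in walk_list(image)}
    return [p for p in scan_tags(image) if p.pid not in listed]


# Constructed sample image: three processes, one hidden by unlinking it from the list.
SAMPLE = build_image([(0x200, 4, "System"), (0x300, 1337, "rootkit"), (0x400, 612, "sshd")],
                     hidden_pid=1337)

if __name__ == "__main__":
    for p in walk_list(SAMPLE):
        print(f"listed  pid={p.pid:<5} {p.name} @ {p.addr:#x}")
    for p in hidden_processes(SAMPLE):
        print(f"HIDDEN  pid={p.pid:<5} {p.name} @ {p.addr:#x}")
```

The point of the design is that both views are computed from the same bytes an introspection tool reads out of a guest's physical memory: the only OS knowledge lives in `PROFILE`, which is precisely the piece the FMA community already maintains per OS version. The bounds and cycle checks in `walk_list` matter in the VMI setting, where the guest being inspected may be hostile and can plant pointers meant to crash or loop the monitor.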

References (11 cited, 10 listed)
Stephen T. Jones, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau. Antfarm: Tracking processes in a virtual machine environment. USENIX Annual Technical Conference, 2006.
Tal Garfinkel, Mendel Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. Network and Distributed System Security Symposium (NDSS), 2003.
R.B. van Baar, W. Alink, A.R. van Ballegooij. Forensic memory analysis: Files mapped in memory. Digital Investigation, vol. 5, 2008. doi:10.1016/j.diin.2008.05.014
Andreas Schuster. Searching for processes and threads in Microsoft Windows memory dumps. Digital Investigation, vol. 3, pp. 10-16, 2006. doi:10.1016/j.diin.2006.06.010
Xuxian Jiang, Xinyuan Wang, Dongyan Xu. Stealthy malware detection through VMM-based "out-of-the-box" semantic view reconstruction. ACM Conference on Computer and Communications Security (CCS), pp. 128-138, 2007. doi:10.1145/1315245.1315262
Brendan Dolan-Gavitt. Forensic analysis of the Windows registry in memory. Digital Investigation, vol. 5 (DFRWS 2008), 2008. doi:10.1016/j.diin.2008.05.003
Abhinav Srivastava, Jonathon Giffin. Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections. Recent Advances in Intrusion Detection (RAID), pp. 39-58, 2008. doi:10.1007/978-3-540-87403-4_3
Artem Dinaburg, Paul Royal, Monirul Sharif, Wenke Lee. Ether: Malware analysis via hardware virtualization extensions. 15th ACM Conference on Computer and Communications Security (CCS '08), pp. 51-62, 2008. doi:10.1145/1455770.1455779
Bryan D. Payne, Martim Carbone, Monirul Sharif, Wenke Lee. Lares: An Architecture for Secure Active Monitoring Using Virtualization. IEEE Symposium on Security and Privacy, pp. 233-247, 2008. doi:10.1109/SP.2008.24
Ashlesha Joshi, Samuel T. King, George W. Dunlap, Peter M. Chen. Detecting past and present intrusions through vulnerability-specific predicates. ACM Symposium on Operating Systems Principles (SOSP), SIGOPS Operating Systems Review vol. 39, pp. 91-104, 2005. doi:10.1145/1095809.1095820