ReVirt
作者: George W. Dunlap , Samuel T. King , Sukru Cinar , Murtaza A. Basrai , Peter M. Chen
关键词: Intrusion 、 Operating system 、 Virtualization 、 Virtual machine 、 Overhead (business) 、 Dependency (UML) 、 Computer science 、 Embedded system 、 Logging 、 Hardware and Architecture
摘要: Current system loggers have two problems: they depend on the integrity of operating being logged, and do not save sufficient information to replay analyze attacks that include any non-deterministic events. ReVirt removes dependency target by moving it into a virtual machine logging below machine. This allows system's execution before, during, after an intruder compromises system, even if replaces system. logs enough long-term instruction-by-instruction. enables provide arbitrarily detailed observations about what transpired in presence executions. adds reasonable time space overhead. Overheads due virtualization are imperceptible for interactive use CPU-bound workloads, 13--58% kernel-intensive workloads. Logging 0--8% overhead, traffic our workloads can be stored single disk several months.
acm.org
sci-hub.se 参考文章(22)
Eric A. Brewer, David Wagner, Ian Goldberg, Randi Thomas, A secure environment for untrusted helper applications confining the Wily Hacker usenix security symposium. pp. 1- 1 ,(1996)
Peter M. Chen, Samuel T. King, Operating System Extensions to Support Host Based Virtual Machines ,(2000)
James S. Plank, Kai Li, Micah Beck, Gerry Kingsley, Libckpt: transparent checkpointing under Unix usenix annual technical conference. pp. 18- 18 ,(1995)
K. Ashcraft, D. Engler, Using programmer-written compiler extensions to catch security holes ieee symposium on security and privacy. pp. 143- 159 ,(2002) , 10.1109/SECPRI.2002.1004368
J.D. Strunk, G.R. Goodson, M.L. Scheinholtz, C.A.N. Soules, G.R. Ganger, Self-securing storage: protecting data in compromised systems Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems]. pp. 195- 209 ,(2003) , 10.1109/FITS.2003.1264933
P.M. Chen, B.D. Noble, When virtual is better than real [operating system relocation to virtual machines] Proceedings Eighth Workshop on Hot Topics in Operating Systems. pp. 133- 138 ,(2001) , 10.1109/HOTOS.2001.990073
Jeremy Sugerman, Beng-Hong Lim, Ganesh Venkitachalam, Virtualizing I/O Devices on VMware Workstation's Hosted Virtual Machine Monitor usenix annual technical conference. pp. 1- 14 ,(2001)
Jeff Dike, A user-mode port of the linux kernel ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4. pp. 7- 7 ,(2000)
Leblanc, Mellor-Crummey, Debugging Parallel Programs with Instant Replay IEEE Transactions on Computers. ,vol. 36, pp. 471- 482 ,(1987) , 10.1109/TC.1987.1676929
Kinshuk Govil, Dan Teodosiu, Yongqiang Huang, Mendel Rosenblum, Cellular disco ACM Transactions on Computer Systems. ,vol. 18, pp. 229- 262 ,(2000) , 10.1145/354871.354873