A Survey on Hypervisor-Based Monitoring: Approaches, Applications, and Evolutions

Authors: Erick Bauman, Gbadebo Ayoade, Zhiqiang Lin

DOI: 10.1145/2775111

Keywords: Malware; Virtual machine; Software engineering; Computer security; Hypervisor; Computer science; Automation; Semantic gap; Tracing; Bridging (networking); Virtualization

Abstract: When designing computer monitoring systems, one goal has always been to have a complete view of the monitored target and at the same time stealthily protect the monitor itself. One way to achieve this is to use hypervisor-based, or more generally out-of-virtual-machine (VM)-based, monitoring. There are, however, challenges that limit this mechanism; the most significant of these is the semantic gap problem. Over the past decade, a considerable amount of research has been carried out to bridge the semantic gap and to develop all kinds of out-of-VM monitoring techniques and applications. By tracing the evolution of out-of-VM security solutions, this article examines and classifies the different approaches proposed to overcome the semantic gap, the fundamental challenge in hypervisor-based monitoring, and how they have been used in various security applications. In particular, we review how these approaches address constraints such as practicality, flexibility, coverage, and automation while bridging the gap; how they have been developed into systems; and how those systems have been applied and deployed. In addition to systematizing the techniques, we also discuss the remaining problems and shed light on future directions.
