Virtual Machine Introspection: Techniques and Applications

Authors: Yacine Hebbal, Sylvie Laniepce, Jean-Marc Menaud

DOI: 10.1109/ARES.2015.43

Abstract: Virtual Machine Introspection (VMI) is a technique that enables monitoring virtual machines at the hypervisor layer. This concept has recently gained considerable focus in computer security research due to its complete but semantic-less visibility on activities and isolation from them. VMI works range from addressing the gap problem to leveraging explored techniques in order to provide novel hypervisor-based services that belong to different fields. This paper aims to survey and classify existing techniques and their applications.

References (54)
Jonas Pfoh, Christian Schneider, Claudia Eckert. Nitro: Hardware-Based System Call Tracing for Virtual Machines. Advances in Information and Computer Security, pp. 96-112 (2011). DOI: 10.1007/978-3-642-25141-2_7
Lingchen Zhang, Sachin Shetty, Peng Liu, Jiwu Jing. RootkitDet: Practical End-to-End Defense against Kernel Rootkits in a Cloud Environment. European Symposium on Research in Computer Security, pp. 475-493 (2014). DOI: 10.1007/978-3-319-11212-1_27
Martim Carbone, Matthew Conover, Bruce Montague, Wenke Lee. Secure and Robust Monitoring of Virtual Machines through Guest-Assisted Introspection. Research in Attacks, Intrusions, and Defenses, pp. 22-41 (2012). DOI: 10.1007/978-3-642-33338-5_2
Remzi H. Arpaci-Dusseau, Andrea C. Arpaci-Dusseau, Stephen T. Jones. Antfarm: Tracking Processes in a Virtual Machine Environment. USENIX Annual Technical Conference, pp. 1-1 (2006)
Ryan Riley, Xuxian Jiang, Dongyan Xu. Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing. Recent Advances in Intrusion Detection, pp. 1-20 (2008). DOI: 10.1007/978-3-540-87403-4_1
David Urbina, Yufei Gu, Juan Caballero, Zhiqiang Lin. SigPath: A Memory Graph Based Approach for Program Data Introspection and Modification. European Symposium on Research in Computer Security, pp. 237-256 (2014). DOI: 10.1007/978-3-319-11212-1_14
Yingxin Cheng, Xiao Fu, Bin Luo, Rui Yang, Hao Ruan. Investigating the Hooking Behavior: A Page-Level Memory Monitoring Method for Live Forensics. International Conference on Information Security, pp. 255-272 (2014). DOI: 10.1007/978-3-319-13257-0_15
Timothy W. Curry. Profiling and Tracing Dynamic Library Usage via Interposition. USENIX Summer Technical Conference, pp. 18-18 (1994)
Fabrice Bellard. QEMU, a Fast and Portable Dynamic Translator. USENIX Annual Technical Conference, pp. 41-41 (2005)
David Lie, Lionel Litty, H. Andrés Lagar-Cavilla. Hypervisor Support for Identifying Covertly Executing Binaries. USENIX Security Symposium, pp. 243-258 (2008)