A formal model for virtual machine introspection

Authors: Jonas Pfoh, Christian Schneider, Claudia Eckert

DOI: 10.1145/1655148.1655150

Keywords:

Abstract: Virtual machine introspection (VMI) describes the method of monitoring and analyzing the state of a virtual machine from the hypervisor level. In this paper, we present a formal discussion of the development of VMI-based security applications. We begin by identifying three major challenges that all such applications must overcome. The main contribution of our work is the definition of a model for describing VMI techniques. This model is broken down in such a way that it allows a thorough analysis of any approach with regard to each of these challenges. Then, we specify design patterns for interpreting information using this model. We argue that these patterns are complete, that is, they cover all possible methods of interpretation. Their properties are thoroughly discussed so that the pros and cons of their application may be fully understood. Finally, we describe and discuss an ideal intrusion detection system in detail, along with the practical implications of building such a system.
