Space Traveling across VM: Automatically Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection
作者: Yangchun Fu , Zhiqiang Lin
DOI: 10.1109/SP.2012.40
关键词:
摘要: It is generally believed to be a tedious, time consuming, and error-prone process develop virtual machine introspection (VMI) tool manually because of the semantic gap. Recent advances in Virtuoso show that we can largely narrow But it still cannot completely automate VMI generation. In this paper, present VMST, an entirely new technique automatically bridge gap generate tools. The key idea that, through system wide instruction monitoring, identify related data redirect these accesses in-guest kernel memory. VMST offers number features capabilities. Particularly, enables inspection program become program. We have tested over 15 commonly used utilities on top 20 different Linux kernels. experimental results our general (largely OS-agnostic), introduces 9.3X overhead average for introspected compared native non-redirected one.
ieee-security.org
computer.org
utdallas.edu 参考文章(39)
Heng Yin, Dawn Song, TEMU: Binary Code Analysis via Whole-System Layered Annotative Execution ,(2010)
David A. Molnar, Michael Y. Levin, Patrice Godefroid, Automated Whitebox Fuzz Testing. network and distributed system security symposium. ,(2008)
William A. Arbaugh, Timothy Fraser, Nick L. Petroni, Jesus Molina, Copilot - a coprocessor-based kernel runtime integrity monitor usenix security symposium. pp. 13- 13 ,(2004)
Xuxian Jiang, Dongyan Xu, Zhiqiang Lin, Xiangyu Zhang, Automatic Protocol Format Reverse Engineering through Context-Aware Monitored Execution. network and distributed system security symposium. ,(2008)
Tal Garfinkel, Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. network and distributed system security symposium. ,(2003)
Juan Caballero, Noah M. Johnson, Stephen McCamant, Dawn Song, Binary Code Extraction and Interface Identification for Security Applications network and distributed system security symposium. ,(2009) , 10.21236/ADA538737
Tal Garfinkel, Mendel Rosenblum, Kevin Christopher, Ben Pfaff, Jim Chow, Understanding data lifetime via whole system simulation usenix security symposium. pp. 22- 22 ,(2004)
Niels Provos, Improving host security with system call policies usenix security symposium. pp. 18- 18 ,(2003)
Tal Garfinkel, Mendel Rosenblum, A Virtual Machine Introspection Based Architecture for Intrusion Detection. network and distributed system security symposium. ,(2003)
Maurice J. Bach, The Design of the UNIX Operating System ,(1986)