CMPS223 Final Project Virtual Machine Introspection Techniques

Author

  • Michael Sevilla

Abstract

This work is a survey of Virtual Machine (VM) introspection, a necessary tool when utilizing VMs for security purposes. In the rest of this section, we discuss traditional techniques for dealing with malware and the appeals of using a VM in a security context. In Section 2, we outline the main problem for using VMs for security, called the semantic gap. In Section 3, we analyze 3 related approaches to VM introspection and focus on their advantages and limitations. In Section 4, we show how to leverage existing tools to implement a small rootkit detector.

Similar resources

Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring

Security requirements in the cloud have led to the development of new monitoring techniques that can be broadly categorized as virtual machine introspection (VMI) techniques. VMI monitoring aims to provide high-fidelity monitoring while keeping the monitor secure by leveraging the isolation provided by virtualization. This work shows that not all hypervisor activity is hidden from the guest vir...

LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis

Dynamic-analysis techniques have become the linchpins of modern malware analysis. However, software-based methods have been shown to expose numerous artifacts, which can either be detected and subverted, or potentially interfere with the analysis altogether, making their results untrustworthy. The need for less-intrusive methods of analysis has led many researchers to utilize introspection in p...

Survey: Virtual Machine Introspection Based System Monitoring and Malware Detection Techniques

In recent years, modern malware are growing powerful. It is very common to see them subvert their victim machine’s security tools upon installation. Traditionally, one can solve this problem by moving critical security services into network so that they are isolated from monitored host and attackers. However, this will result in a poor review of what’s happening inside the host. To address this...

VMI-PL: A monitoring language for virtual platforms using virtual machine introspection

With the growth of virtualization and cloud computing, more and more forensic investigations rely on being able to perform live forensics on a virtual machine using virtual machine introspection (VMI). Inspecting a virtual machine through its hypervisor enables investigation without risking contamination of the evidence, crashing the computer, etc. To further access to these techniques for the ...

Improving I/O Performance using Virtual Disk Introspection

Storage consolidation due to server virtualization puts stringent new requirements on Storage Array (SA) performance. Virtualized workloads require new performance optimizations that cannot be totally addressed by merely using expensive hardware such as SSDs. This position paper presents Virtual Machine Disk Image (VMDI) introspection—a key technique for implementing a variety of virtualization...

Publication date: 2012