A Retrospective on the VAX VMM Security Kernel
IEEE Transactions on Software Engineering
Exploiting process lifetime distributions for dynamic load balancing
ACM Transactions on Computer Systems (TOCS)
Progress-based regulation of low-importance processes
Proceedings of the seventeenth ACM symposium on Operating systems principles
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementation
Detecting Stealth Software with Strider GhostBuster
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
Detecting past and present intrusions through vulnerability-specific predicates
Proceedings of the twentieth ACM symposium on Operating systems principles
Geiger: monitoring the buffer cache in a virtual machine environment
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Copilot - a coprocessor-based kernel runtime integrity monitor
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Antfarm: tracking processes in a virtual machine environment
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
A Layered Architecture for Detecting Malicious Behaviors
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Efficiently tracking application interactions using lightweight virtualization
Proceedings of the 1st ACM workshop on Virtual machine security
Hypervisor support for identifying covertly executing binaries
SS'08 Proceedings of the 17th conference on Security symposium
Task-aware virtual machine scheduling for I/O performance
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
BitVisor: a thin hypervisor for enforcing i/o device security
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Building a self-healing embedded system in a multi-OS environment
Proceedings of the 2009 ACM symposium on Applied Computing
Shepherding Loadable Kernel Modules through On-demand Emulation
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Robust signatures for kernel data structures
Proceedings of the 16th ACM conference on Computer and communications security
A formal model for virtual machine introspection
Proceedings of the 1st ACM workshop on Virtual machine security
Optimizing crash dump in virtualized environments
Proceedings of the 6th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Task-aware based co-scheduling for virtual machine system
Proceedings of the 2010 ACM Symposium on Applied Computing
A guest-transparent file integrity monitoring method in virtualization environment
Computers & Mathematics with Applications
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
dAnubis: dynamic device driver analysis based on virtual machine introspection
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Automatic discovery of parasitic malware
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Attribution of malicious behavior
ICISS'10 Proceedings of the 6th international conference on Information systems security
SymCall: symbiotic virtualization through VMM-to-guest upcalls
Proceedings of the 7th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Detecting stealthy malware with inter-structure and imported signatures
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Transparently bridging semantic gap in CPU management for virtualized environments
Journal of Parallel and Distributed Computing
Design issues in composition kernels for highly functional embedded systems
Proceedings of the 2011 ACM Symposium on Applied Computing
Simulating windows-based cyber attacks using live virtual machine introspection
Proceedings of the 2010 Summer Computer Simulation Conference
Virtual machine monitor-based lightweight intrusion detection
ACM SIGOPS Operating Systems Review
Security architecture for virtual machines
ICA3PP'11 Proceedings of the 11th international conference on Algorithms and architectures for parallel processing - Volume Part I
Nitro: hardware-based system call tracing for virtual machines
IWSEC'11 Proceedings of the 6th International conference on Advances in information and computer security
Controlling the speed of virtual time for malware deactivation
Proceedings of the Asia-Pacific Workshop on Systems
Controlling the speed of virtual time for malware deactivation
APSys'12 Proceedings of the Third ACM SIGOPS Asia-Pacific conference on Systems
Securing cloud storage systems through a virtual machine monitor
Proceedings of the First International Workshop on Secure and Resilient Architectures and Systems
Efficient protection of kernel data structures via object partitioning
Proceedings of the 28th Annual Computer Security Applications Conference
Virtualization: Issues, security threats, and solutions
ACM Computing Surveys (CSUR)
Identifying OS kernel objects for run-time security analysis
NSS'12 Proceedings of the 6th international conference on Network and System Security
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Virtual TCP offload: optimizing ethernet overlay performance on advanced interconnects
Proceedings of the 22nd international symposium on High-performance parallel and distributed computing
CPU transparent protection of OS kernel and hypervisor integrity with programmable DRAM
Proceedings of the 40th Annual International Symposium on Computer Architecture
Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection
ACM Transactions on Information and System Security (TISSEC)
Subverting system authentication with context-aware, reactive virtual machine introspection
Proceedings of the 29th Annual Computer Security Applications Conference
Design and implementation of a trusted monitoring framework for cloud platforms
Future Generation Computer Systems
CloRExPa: Cloud resilience via execution path analysis
Future Generation Computer Systems
Real-time deep virtual machine introspection and its applications
Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Use of stealth rootkit techniques to hide long-lived malicious processes is a current and alarming security issue. In this paper, we describe, implement, and evaluate a novel VMM-based hidden process detection and identification service called Lycosid that is based on the cross-view validation principle. Like previous VMM-based security services, Lycosid benefits from its protected location. In contrast to previous VMM-based hidden process detectors, Lycosid obtains guest process information implicitly. Using implicit information reduces its susceptibility to guest evasion attacks and decouples it from specific guest operating system versions and patch levels. The implicit information Lycosid depends on, however, can be noisy and unreliable. Statistical inference techniques like hypothesis testing and linear regression allow Lycosid to trade time for accuracy. Despite low quality inputs, Lycosid provides a robust, highly accurate service usable even in security environments where the consequences for wrong decisions can be high.
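The cross-view principle and the time-for-accuracy trade-off described in the abstract, as an added Python illustration; this is not Lycosid's code and does not reproduce its inference method. It assumes two views of the guest's process count: a noisy implicit count inferred outside the guest (here a constructed sensor with zero-mean miscount noise) and the explicit count the guest reports. A hidden process shows up as a persistent positive gap between the views; single samples are unreliable, so the detector accumulates samples and only decides once a confidence interval on the mean gap excludes zero (hidden) or excludes every count of one or more (clean). All function names, the noise model and the seeded simulation are assumptions of this example.

```python
"""Cross-view validation of a guest's process count as a sequential test.

Illustrative example, not Lycosid's implementation. The implicit view is a
constructed noisy sensor; the explicit view is the guest's own (possibly
rootkit-filtered) process list. More samples buy a tighter interval, which
is the time-for-accuracy trade the abstract describes.
"""
import math
import random

Z_999 = 3.29  # two-sided 99.9% normal quantile: wide, so a few outliers cannot decide


def mean_ci(samples, z=Z_999):
    """Mean of the gaps and a normal-approximation confidence interval on it."""
    n = len(samples)
    m = sum(samples) / n
    if n < 2:
        return m, -math.inf, math.inf
    var = sum((x - m) ** 2 for x in samples) / (n - 1)
    half_width = z * math.sqrt(var / n)
    return m, m - half_width, m + half_width


def decide(gaps, min_samples=10, z=Z_999):
    """Classify accumulated (implicit - explicit) gaps.

    Returns ("hidden", estimate) when the interval excludes zero,
    ("clean", 0) when it excludes every integer >= 1, else "undecided".
    """
    if len(gaps) < min_samples:
        return "undecided", None
    m, lo, hi = mean_ci(gaps, z)
    if lo > 0:
        return "hidden", round(m)
    if hi < 1:
        return "clean", 0
    return "undecided", round(m)


def make_views(true_total, hidden, rng):
    """Constructed sensor pair: noisy implicit count vs. exact explicit count."""
    def implicit_view():
        # assumed noise model: an occasional +/-1 miscount, zero mean
        return true_total + rng.choice([-1, 0, 0, 0, 0, 1])

    def explicit_view():
        return true_total - hidden  # the guest's list omits hidden processes

    return implicit_view, explicit_view


def run_detector(implicit_view, explicit_view, max_samples=400, min_samples=10):
    """Sample both views until a verdict is reached or the budget runs out."""
    gaps = []
    for _ in range(max_samples):
        gaps.append(implicit_view() - explicit_view())
        verdict, estimate = decide(gaps, min_samples)
        if verdict != "undecided":
            return verdict, estimate, len(gaps)
    return "undecided", round(sum(gaps) / len(gaps)), len(gaps)


def simulate(hidden, true_total=60, seed=7):
    """Run the detector against the constructed views with a fixed seed."""
    rng = random.Random(seed)
    implicit_view, explicit_view = make_views(true_total, hidden, rng)
    return run_detector(implicit_view, explicit_view)


if __name__ == "__main__":
    for hidden in (0, 2):
        print(f"hidden={hidden}: verdict, estimate, samples used = {simulate(hidden)}")
```

The width of the interval shrinks with the square root of the sample count, so a detector that is willing to wait longer can tolerate a noisier implicit view; the `min_samples` floor keeps it from ruling on the first few readings, which in the abstract's terms is where the low quality of the inputs would otherwise dominate.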