Anomaly Detection Using Call Stack Information
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
A Sense of Self for Unix Processes
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Detecting past and present intrusions through vulnerability-specific predicates
Proceedings of the twentieth ACM symposium on Operating systems principles
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Exploiting concurrency vulnerabilities in system call wrappers
WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
Virtualization-based separation of privilege: working with sensitive data in untrusted environment
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
Some ideas on virtualized system security, and monitors
DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
Operating system interface obfuscation and the revealing of hidden operations
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
DriverGuard: a fine-grained protection on I/O flows
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Shifting GEARS to enable guest-context virtual services
Proceedings of the 9th international conference on Autonomic computing
| Hi-index | 0.00 |
A virtual machine monitor (VMM) can isolate virtual machines (VMs) for trusted programs from VMs for untrusted ones. The security of VMs for untrusted programs can be enhanced by monitoring and controlling the behavior of the VMs with security systems running in a VM for trusted programs. However, programs running outside of a monitored VM usually obtain only low-level events and states such as interrupts and register values. Therefore, it is not straight-forward for the programs to understand the high-level behavior of an operating system in a monitored VM and to control resources managed by the operating system. In this paper, we propose a security system that controls the execution of processes from the outside of VMs. It consists of a modified VMM and a program running in a trusted VM. The system intercepts system calls invoked in a monitored VM and controls the execution according to a security policy. To fill the semantic gap between low-level events and high-level behavior, the system uses knowledge of the structure of a given operating system kernel. The user creates the knowledge with a tool when building an operating system. We implemented the system using Xen, and measured the overhead through experiments using microbenchmarks and a benchmark for the Apache web server.