Using virtual machines to do cross-layer damage assessment
Proceedings of the 1st ACM workshop on Virtual machine security
KvmSec: a security extension for Linux kernel virtual machines
Proceedings of the 2009 ACM symposium on Applied Computing
Secure in-VM monitoring using hardware virtualization
Proceedings of the 16th ACM conference on Computer and communications security
Countering kernel rootkits with lightweight hook protection
Proceedings of the 16th ACM conference on Computer and communications security
Mapping kernel objects to enable systematic integrity checking
Proceedings of the 16th ACM conference on Computer and communications security
Cloud security is not (just) virtualization security: a short paper
Proceedings of the 2009 ACM workshop on Cloud computing security
Defeating return-oriented rootkits with "Return-Less" kernels
Proceedings of the 5th European conference on Computer systems
A guest-transparent file integrity monitoring method in virtualization environment
Computers & Mathematics with Applications
HyperSentry: enabling stealthy in-context measurement of hypervisor integrity
Proceedings of the 17th ACM conference on Computer and communications security
HookScout: proactive binary-centric hook detection
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Automatic discovery of parasitic malware
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Live and trustworthy forensic analysis of commodity production systems
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
A framework for testing hardware-software security architectures
Proceedings of the 26th Annual Computer Security Applications Conference
Attribution of malicious behavior
ICISS'10 Proceedings of the 6th international conference on Information systems security
A framework for defending embedded systems against software attacks
ACM Transactions on Embedded Computing Systems (TECS)
Attack surface reduction for commodity OS kernels: trimmed garden plants may attract less bugs
Proceedings of the Fourth European Workshop on System Security
Secure virtualization for cloud computing
Journal of Network and Computer Applications
Simulating windows-based cyber attacks using live virtual machine introspection
Proceedings of the 2010 Summer Computer Simulation Conference
Operating system interface obfuscation and the revealing of hidden operations
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
CyberGuarder: A virtualization security assurance architecture for green cloud computing
Future Generation Computer Systems
DriverGuard: a fine-grained protection on I/O flows
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
SPARC: a security and privacy aware virtual machinecheckpointing mechanism
Proceedings of the 10th annual ACM workshop on Privacy in the electronic society
Proceedings of the 18th ACM conference on Computer and communications security
Nitro: hardware-based system call tracing for virtual machines
IWSEC'11 Proceedings of the 6th International conference on Advances in information and computer security
Tracking payment card data flow using virtual machine state introspection
Proceedings of the 27th Annual Computer Security Applications Conference
Vis: virtualization enhanced live acquisition for native system
Proceedings of the Second Asia-Pacific Workshop on Systems
Detecting malware signatures in a thin hypervisor
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Hypervisor-based background encryption
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Surreptitious Deployment and Execution of Kernel Agents in Windows Guests
CCGRID '12 Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012)
An introspection-based memory scraper attack against virtualized point of sale systems
FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security
kGuard: lightweight kernel protection against return-to-user attacks
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Verifying system integrity by proxy
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Virtual machine introspection in a hybrid honeypot architecture
CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test
Proceedings of the 2012 ACM conference on Computer and communications security
OS-Sommelier: memory-only operating system fingerprinting in the cloud
Proceedings of the Third ACM Symposium on Cloud Computing
Secure and robust monitoring of virtual machines through guest-assisted introspection
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Improving disk I/O performance in a virtualized system
Journal of Computer and System Sciences
Efficient protection of kernel data structures via object partitioning
Proceedings of the 28th Annual Computer Security Applications Conference
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
NumChecker: detecting kernel control-flow modifying rootkits by using hardware performance counters
Proceedings of the 50th Annual Design Automation Conference
FORTUNA-A framework for the design and development of hardware-based secure systems
Journal of Systems and Software
DriverGuard: Virtualization-Based Fine-Grained Protection on I/O Flows
ACM Transactions on Information and System Security (TISSEC)
Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection
ACM Transactions on Information and System Security (TISSEC)
Tappan Zee (north) bridge: mining memory accesses for introspection
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
An architecture for concurrent execution of secure environments in clouds
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
Subverting system authentication with context-aware, reactive virtual machine introspection
Proceedings of the 29th Annual Computer Security Applications Conference
KI-Mon: a hardware-assisted event-triggered monitoring platform for mutable kernel object
SEC'13 Proceedings of the 22nd USENIX conference on Security
Design and implementation of a trusted monitoring framework for cloud platforms
Future Generation Computer Systems
Real-time deep virtual machine introspection and its applications
Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Hi-index | 0.00 |
Host-based security tools such as anti-virus and intrusion detection systems are not adequately protected on today's computers. Malware is often designed to immediately disable any security tools upon installation, rendering them useless. While current research has focused on moving these vulnerable security tools into an isolated virtual machine, this approach cripples security tools by preventing them from doing active monitoring. This paper describes an architecture that takes a hybrid approach, giving security tools the ability to do active monitoring while still benefiting from the increased security of an isolated virtual machine. We discuss the architecture and a prototype implementation that can process hooks from a virtual machine running Windows XP on Xen. We conclude with a security analysis and show the performance of a single hook to be 28 microseconds in the best case.