Semantics-driven monitoring discovers attacks against a process by evaluating invariants on the process state. We propose an approach that increases the robustness and the transparency of the run-time monitoring system by introducing two virtual machines (VMs) running on the same platform. One VM runs the monitored process, i.e. the process P to be protected, while the other one evaluates invariants on the state of P each time P invokes a system call. For this purpose, an Introspection Library allows the monitoring VM to access the memory and the processor registers of the monitored VM.

After describing the overall architecture, we focus on the Introspection Library and the problems posed by the introspection of variables in the memory of a program running in a distinct VM to evaluate invariants. A first prototype implementation is also presented together with preliminary performance results.