Using virtual machines to do cross-layer damage assessment

Authors:
Xiaoqi Jia;Shengzhi Zhang;Jiwu Jing;Peng Liu
Affiliations:
Pennsylvania State University, University Park, PA, and Graduate University of Chinese Academy of Sciences, Beijing, China;Pennsylvania State University, University Park, PA, USA;Graduate University of Chinese Academy of Sciences, Beijing, China;Pennsylvania State University, University Park, PA, USA
Venue:
Proceedings of the 1st ACM workshop on Virtual machine security
Year:
2008

Citing 15
Cited 2

When Virtual Is Better Than Real

HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Backtracking intrusions

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Backtracking intrusions

ACM Transactions on Computer Systems (TOCS)
ReVirt: enabling intrusion analysis through virtual-machine logging and replay

OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
The taser intrusion recovery system

Proceedings of the twentieth ACM symposium on Operating systems principles
Rx: treating bugs as allergies---a safe method to survive software failures

Proceedings of the twentieth ACM symposium on Operating systems principles
Building a reactive immune system for software services

ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
QEMU, a fast and portable dynamic translator

ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Flashback: a lightweight extension for rollback and deterministic replay for software debugging

ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Enhancing server availability and security through failure-oblivious computing

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Panorama: capturing system-wide information flow for malware detection and analysis

Proceedings of the 14th ACM conference on Computer and communications security
Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction

Proceedings of the 14th ACM conference on Computer and communications security
From STEM to SEAD: speculative execution for automated defense

ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
Lares: An Architecture for Secure Active Monitoring Using Virtualization

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Decoupling dynamic program analysis from execution in virtual environments

ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference

Availability-sensitive intrusion recovery

Proceedings of the 1st ACM workshop on Virtual machine security
Using purpose capturing signatures to defeat computer virus mutating

ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present an approach that uses virtual machines to do ``out-of-the-box'' cross-layer damage assessment, an indispensable part of security/risk management. To resolve the conflict between fine-grained damage assessment and the response time requirements of service requests, we present a new production environment damage assessment architecture. We have implemented a major portion of the architecture and done preliminary evaluation. Contributions of our system include combining instruction and OS level taint tracking, and efficient ``what-if'' damage assessment methods.