When Virtual Is Better Than Real
HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
ACM Transactions on Computer Systems (TOCS)
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
The taser intrusion recovery system
Proceedings of the twentieth ACM symposium on Operating systems principles
Rx: treating bugs as allergies---a safe method to survive software failures
Proceedings of the twentieth ACM symposium on Operating systems principles
Building a reactive immune system for software services
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
QEMU, a fast and portable dynamic translator
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Flashback: a lightweight extension for rollback and deterministic replay for software debugging
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Enhancing server availability and security through failure-oblivious computing
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Panorama: capturing system-wide information flow for malware detection and analysis
Proceedings of the 14th ACM conference on Computer and communications security
Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction
Proceedings of the 14th ACM conference on Computer and communications security
From STEM to SEAD: speculative execution for automated defense
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
Lares: An Architecture for Secure Active Monitoring Using Virtualization
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Decoupling dynamic program analysis from execution in virtual environments
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Availability-sensitive intrusion recovery
Proceedings of the 1st ACM workshop on Virtual machine security
Using purpose capturing signatures to defeat computer virus mutating
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Hi-index | 0.00 |
In this paper, we present an approach that uses virtual machines to do ``out-of-the-box'' cross-layer damage assessment, an indispensable part of security/risk management. To resolve the conflict between fine-grained damage assessment and the response time requirements of service requests, we present a new production environment damage assessment architecture. We have implemented a major portion of the architecture and done preliminary evaluation. Contributions of our system include combining instruction and OS level taint tracking, and efficient ``what-if'' damage assessment methods.