When Virtual Is Better Than Real
HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
The Art of Computer Virus Research and Defense
The Art of Computer Virus Research and Defense
Pattern Recognition and Machine Learning (Information Science and Statistics)
Pattern Recognition and Machine Learning (Information Science and Statistics)
Manitou: a layer-below approach to fighting malware
Proceedings of the 1st workshop on Architectural and system support for improving software dependability
Antfarm: tracking processes in a virtual machine environment
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
Data mining approaches for intrusion detection
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction
Proceedings of the 14th ACM conference on Computer and communications security
VMM-based hidden process detection and identification using Lycosid
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Forensics examination of volatile system data using virtual introspection
ACM SIGOPS Operating Systems Review
Hypervisor support for identifying covertly executing binaries
SS'08 Proceedings of the 17th conference on Security symposium
Simulating windows-based cyber attacks using live virtual machine introspection
Proceedings of the 2010 Summer Computer Simulation Conference
Nitro: hardware-based system call tracing for virtual machines
IWSEC'11 Proceedings of the 6th International conference on Advances in information and computer security
A universal semantic bridge for virtual machine introspection
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Evolution of traditional digital forensics in virtualization
Proceedings of the 50th Annual Southeast Regional Conference
Evolution of digital forensics in virtualization by using virtual machine introspection
Proceedings of the 51st ACM Southeast Conference
| Hi-index | 0.00 |
Virtual machine introspection (VMI) describes the method of monitoring and analyzing the state of a virtual machine from the hypervisor level. In this paper, we present a formal discussion of the development of VMI-based security applications. We begin by identifying three major challenges that all VMI-based security applications must overcome. The main contribution of our work is the definition of a formal model for describing VMI techniques. This model is broken down in such a way that allows for thorough discussion of any VMI approach with regard to each of the three challenges. Then, we specify three design patterns for interpreting state information using our model. We argue that these patterns are complete, that is, they cover all possible methods for state interpretation. The properties of all patterns are thoroughly discussed so that the pros and cons of their application may be fully understood. Finally, we describe and discuss an ideal VMI-based intrusion detection system using our model and begin to detail the practical implications in building such a system.