Dynamic and transparent analysis of commodity production systems

Authors:
Aristide Fattori;Roberto Paleari;Lorenzo Martignoni;Mattia Monga
Affiliations:
Università degli Studi di Milano, Milano, Italy;Università degli Studi di Milano, Milano, Italy;Università degli Studi di Udine, Udine, Italy;Università degli Studi di Milano, Milano, Italy
Venue:
Proceedings of the IEEE/ACM international conference on Automated software engineering
Year:
2010

Citing 12
Cited 2

Structuring operating system aspects: using AOP to improve OS structure modularity

Communications of the ACM
Using aspectC to improve the modularity of path-specific customization in operating system code

Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
Program Instrumentation for Debugging and Monitoring with AspectC++

ISORC '02 Proceedings of the Fifth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing
Fine-grained dynamic instrumentation of commodity operating system kernels

Fine-grained dynamic instrumentation of commodity operating system kernels
ReVirt: enabling intrusion analysis through virtual-machine logging and replay

OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Stealth Breakpoints

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Debugging operating systems with time-traveling virtual machines

ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Dynamic instrumentation of production systems

ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Decoupling dynamic program analysis from execution in virtual environments

ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Ether: malware analysis via hardware virtualization extensions

Proceedings of the 15th ACM conference on Computer and communications security
Back to the Future: Omniscient Debugging

IEEE Software
TOSKANA: a toolkit for operating system kernel aspects

Transactions on Aspect-Oriented Software Development II

The power of procrastination: detection and mitigation of execution-stalling malicious code

Proceedings of the 18th ACM conference on Computer and communications security
DUET: integration of dynamic and static analyses for malware clustering with cluster ensembles

Proceedings of the 29th Annual Computer Security Applications Conference

Quantified Score

Hi-index	0.01

Visualization

Abstract

We propose a framework that provides a programming interface to perform complex dynamic system-level analyses of deployed production systems. By leveraging hardware support for virtualization available nowadays on all commodity machines, our framework is completely transparent to the system under analysis and it guarantees isolation of the analysis tools running on top of it. Thus, the internals of the kernel of the running system needs not to be modified and the whole platform runs unaware of the framework. Moreover, errors in the analysis tools do not affect the running system and the framework. This is accomplished by installing a minimalistic virtual machine monitor and migrating the system, as it runs, into a virtual machine. In order to demonstrate the potentials of our framework we developed an interactive kernel debugger, named HyperDbg. HyperDbg can be used to debug any critical kernel component, and even to single step the execution of exception and interrupt handlers.