Proceedings of the 18th ACM conference on Computer and communications security
A universal semantic bridge for virtual machine introspection
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Evolution of traditional digital forensics in virtualization
Proceedings of the 50th Annual Southeast Regional Conference
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Virtual machine introspection in a hybrid honeypot architecture
CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test
Secure and robust monitoring of virtual machines through guest-assisted introspection
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Assessing the trustworthiness of drivers
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Introspection-based memory de-duplication and migration
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Proceedings of the 9th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues
Information Sciences: an International Journal
System-Level support for intrusion recovery
DIMVA'12 Proceedings of the 9th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Enforcing system-wide control flow integrity for exploit detection and diagnosis
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Evolution of digital forensics in virtualization by using virtual machine introspection
Proceedings of the 51st ACM Southeast Conference
Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection
ACM Transactions on Information and System Security (TISSEC)
Obfuscation resilient binary code reuse through trace-oriented programming
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Tappan Zee (north) bridge: mining memory accesses for introspection
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
An architecture for concurrent execution of secure environments in clouds
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
Subverting system authentication with context-aware, reactive virtual machine introspection
Proceedings of the 29th Annual Computer Security Applications Conference
MyCloud: supporting user-configured privacy protection in cloud computing
Proceedings of the 29th Annual Computer Security Applications Conference
Real-time deep virtual machine introspection and its applications
Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Composable multi-level debugging with Stackdb
Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Hi-index | 0.01 |
Introspection has featured prominently in many recent security solutions, such as virtual machine-based intrusion detection, forensic memory analysis, and low-artifact malware analysis. Widespread adoption of these approaches, however, has been hampered by the semantic gap: in order to extract meaningful information about the current state of a virtual machine, detailed knowledge of the guest operating system's inner workings is required. In this paper, we present a novel approach for automatically creating introspection tools for security applications with minimal human effort. By analyzing dynamic traces of small, in-guest programs that compute the desired introspection information, we can produce new programs that retrieve the same information from outside the guest virtual machine. We demonstrate the efficacy of our techniques by automatically generating 17 programs that retrieve security information across 3 different operating systems, and show that their functionality is unaffected by the compromise of the guest system. Our technique allows introspection tools to be effortlessly generated for multiple platforms, and enables the development of rich introspection-based security applications.