POSTER: Introducing pathogen: a real-time virtual machine introspection framework

  • Authors:
  • Anthony Roberts; Richard McClatchey; Saad Liaquat; Nigel Edwards; Mike Wray

  • Affiliations:
  • University of the West of England, Bristol, United Kingdom; University of the West of England, Bristol, United Kingdom; University of the West of England, Bristol, United Kingdom; Hewlett-Packard Laboratories, Bristol, United Kingdom; Hewlett-Packard Laboratories, Bristol, United Kingdom

  • Venue:
  • Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
  • Year:
  • 2013

Abstract

In recent years, malware has grown extremely rapidly in complexity and in rates of system infection. Current-generation anti-virus and anti-malware software provides system protection through the use of locally installed monitoring agents, which are dependent upon vendor-generated signature- and heuristic-based rules. However, because these monitoring agents are installed within the systems they are trying to protect, they themselves are potential targets of attack by malware. Pathogen overcomes this issue by using a real-time system monitoring and analysis framework that utilises Virtual Machine Introspection (VMI) to allow the monitoring of a system without the need for any locally installed agents. One of the main research problems in VMI is how to parse and interpret the memory of an executing system from outside of that system. Pathogen's contribution is a lightweight introspection framework that bridges the semantic gap.