A Universal Semantic Bridge for Virtual Machine Introspection
Authors
Abstract
All systems that utilize virtual machine introspection (VMI) need to overcome the disconnect between the low-level state that the hypervisor sees and its semantics within the guest. This problem has become well-known as the semantic gap. In this work, we introduce our tool, InSight, that establishes a semantic connection between the guest and the hypervisor independent of the application at hand. InSight goes above and beyond previous approaches in that it strives to expose all kernel objects to an application with as little human effort as possible. It features a shell interface for interactive inspection as well as a scripting engine for comfortable and safe development of new VMI-based methods. Due to this flexibility, InSight supports a wide variety of VMI applications, such as intrusion detection, forensic analysis, malware analysis, and kernel debugging.
Similar sources
HYBRID-BRIDGE: Efficiently Bridging the Semantic Gap in Virtual Machine Introspection via Decoupled Execution and Training Memoization
Recent advances show that it is possible to reuse the legacy binary code to bridge the semantic gap in virtual machine introspection (VMI). However, existing such VMI solutions often have high performance overhead (up to hundreds of times slowdown), which significantly hinders their practicality especially for cloud providers who wish to perform real-time monitoring of the virtual machine state...
Bogdan Carbunar
Introspections on the Semantic Gap
An essential goal of virtual machine introspection (VMI) is security policy enforcement in the presence of an untrustworthy OS. One obstacle to this goal is the difficulty in accurately extracting semantic meaning from the hypervisor’s hardware-level view of a guest OS.
Bridging the Semantic Gap Through Static Code Analysis
The semantic gap is a challenge inherent in all applications of virtual machine introspection (VMI). It describes the disconnect between the low-level state that the hypervisor has access to and its semantics within the guest. A common approach to bridge this gap is to utilize the debugging symbols of an inspected operating system kernel, although it is well understood that this information doe...
CMPS223 Final Project Virtual Machine Introspection Techniques
This work is a survey of Virtual Machine (VM) introspection, a necessary tool when utilizing VMs for security purposes. In the rest of this section, we discuss traditional techniques for dealing with malware and the appeals of using a VM in a security context. In Section 2, we outline the main problem for using VMs for security called the semantic gap. In Section 3, we analyze 3 related app...
Iterative Backtracking via Deterministic Virtual Machine Replay and Virtual Machine Introspection
We propose a security analysis system that enables tracking and understanding system intrusions fully and precisely, using deterministic virtual machine replay and virtual machine introspection. Understanding the behaviors of system intrusions is important for malware defense systems to discover their vulnerabilities and prevent them from being exploited in the future. Existing approaches fail to e...