Leveraging Forensic Tools for Virtual Machine Introspection

نویسندگان

  • Brendan Dolan-Gavitt
  • Bryan Payne
  • Wenke Lee
چکیده

Virtual machine introspection (VMI) has formed the basis of a number of novel approaches to security in recent years. Although the isolation provided by a virtualized environment provides improved security, software that makes use of VMI must overcome the semantic gap, reconstructing high-level state information from low-level data sources such as physical memory. The digital forensics community has likewise grappled with semantic gap problems in the field of forensic memory analysis (FMA), which seeks to extract forensically relevant information from dumps of physical memory. In this paper, we will show that work done by the forensic community is directly applicable to the VMI problem, and that by providing an interface between the two worlds, the difficulty of developing new virtualization security solutions can be significantly reduced.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring

Security requirements in the cloud have led to the development of new monitoring techniques that can be broadly categorized as virtual machine introspection (VMI) techniques. VMI monitoring aims to provide high-fidelity monitoring while keeping the monitor secure by leveraging the isolation provided by virtualization. This work shows that not all hypervisor activity is hidden from the guest vir...

متن کامل

Virtual Machine Introspection with Xen on ARM

In the recent years, virtual machine introspection (VMI) has become a valuable technique for developing security applications for virtualized environments. With the increasing popularity of the ARM architecture, and the recent addition of hardware virtualization extensions, there is a growing need for porting existing VMI tools. Porting these applications requires proper hypervisor support, whi...

متن کامل

VMI-PL: A monitoring language for virtual platforms using virtual machine introspection

With the growth of virtualization and cloud computing, more and more forensic investigations rely on being able to perform live forensics on a virtual machine using virtual machine introspection (VMI). Inspecting a virtual machine through its hypervisor enables investigation without risking contamination of the evidence, crashing the computer, etc. To further access to these techniques for the ...

متن کامل

Leveraging Virtual Machine Introspection for Hot-Hardening of Arbitrary Cloud-User Applications

Correctly applying security settings of various different applications is a time-consuming and in some cases a very difficult task. Moreover, with explosion in cloud computing popularity, cloud users are able to download and run pre-packaged virtual appliances. Many users may assume that these come with correct security settings and never bother to check or update these settings. In this paper ...

متن کامل

Virtual Machine Introspection in a Hybrid Honeypot Architecture

With the recent advent of effective and practical virtual machine introspection tools, we revisit the use of hybrid honeypots as a means to implement automated malware collection and analysis. We introduce VMIHoneymon, a high-interaction honeypot monitor which uses virtual machine memory introspection on Xen. VMI-Honeymon remains transparent to the monitored virtual machine and bypasses relianc...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2009