System Introspection with Hardware Watchmachines
Authors
Abstract
Unfortunately, current introspection mechanisms usually impose a high performance overhead or are difficult for programmers to use. For example, a 1000x slowdown using Valgrind for application debugging is not uncommon, and the lack of precise instruction counters has complicated research in deterministic multiprocessing [1, 7, 2]. However, with careful hardware support, introspection can be made both efficient and precise. One such example is the success of debug registers in x86 processors, which allow the system to efficiently monitor memory accesses, and trap to software precisely when a read or write occurs to a monitored address.
Similar resources
SystemWall: An Isolated Firewall Using Hardware-Based Memory Introspection
Memory introspection can be a powerful tool for analyzing contents of a system’s memory for any malicious code. Current approaches based on memory introspection have focused on Virtual Machines and using a privileged software entity, such as a hypervisor, to perform the introspection. Such software-based introspection, however, is susceptible to a variety of attacks that may compromise the hyperv...
LO-PHI: Low-Observable Physical Host Instrumentation for Malware Analysis
Dynamic-analysis techniques have become the linchpins of modern malware analysis. However, software-based methods have been shown to expose numerous artifacts, which can either be detected and subverted, or potentially interfere with the analysis altogether, making their results untrustworthy. The need for less-intrusive methods of analysis has led many researchers to utilize introspection in p...
Secure Observation of Kernel Behavior
Operating system kernels are difficult to understand and monitor. Hardware virtualization provides a layer where security tools can observe a kernel, but the gap between operating system abstractions and hardware accesses limits the ability of tools to comprehend the kernel’s activity. Virtual machine introspection (VMI) builds knowledge of high-level kernel state by directly accessing the memo...
Sprobes: Enforcing Kernel Code Integrity on the TrustZone Architecture
Many smartphones now deploy conventional operating systems, so the rootkit attacks so prevalent on desktop and server systems are now a threat to smartphones. While researchers have advocated using virtualization to detect and prevent attacks on operating systems (e.g., VM introspection and trusted virtual domains), virtualization is not practical on smartphone systems due to the lack of virtua...
Improving I/O Performance using Virtual Disk Introspection
Storage consolidation due to server virtualization puts stringent new requirements on Storage Array (SA) performance. Virtualized workloads require new performance optimizations that cannot be totally addressed by merely using expensive hardware such as SSDs. This position paper presents Virtual Machine Disk Image (VMDI) introspection—a key technique for implementing a variety of virtualization...
Journal title:
Volume, issue
Pages -
Publication date: 2011