ExecRecorder: VM-based full-system replay for attack analysis and system recovery

ASID'06: 1st Workshop on Architectural and System Support for Improving Software Dependability

Volumn , Issue , 2006, Pages 66-71

  De Oliveira, Daniela A S ^a   Crandall, Jedidiah R ^a   Wassermann, Gary ^a   Wu, S Felix ^a   Su, Zhendong ^a   Chong, Frederic T ^b  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Malware; Recovery; Replay; Virtual machines; Worms

Indexed keywords

MALWARE; MALWARE ATTACKS; REPLAY; VIRTUAL MACHINES; WORMS;

COMPUTER ARCHITECTURE; DIGITAL ARITHMETIC; PROGRAM DEBUGGING; RELIABILITY THEORY; REQUIREMENTS ENGINEERING; VIRTUAL REALITY;

COMPUTER CRIME;

EID: 34547167419     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1181309.1181320     Document Type: Conference Paper

References (31)

1. http://x82.inetcop.org/h0me/papers/free-ur-mind.pdf.
2. L. Alvisi. Understanding the Message Logging Paradigm for Masking Process Crashes. PhD thesis, Cornell. University, 1996.
3. L. Alvisi and K. Marzullo. Message Logging: Pessimistic, Optimistic, Causal, and Optimal. IEEE Transactions on Software Engineering, 24(2):149-159, February 1998.
4. Web benchmark. http://www.serverwatch.com/news/article.php/ 10824_1133391_2.
5. T. C. Bressoud and F. B. Schneider. Hypervisor-Based Fault Tolerance. ACM TOCS, 14(1):80-107, February 1996.
6. P. M. Chen and B. D. Noble. When Virtual, is Better than Real. HotOS, May 2001.
7. J.-D. Choi and H. Srinivasan. Deterministic Replay of Java Multithreaded Applications. ACM SIGMETRICS SPDT, pages 48-59, August 1998.
8. J. R. Crandall and F. T. Chong. Minos: Control Data Attack Prevention Orthogonal to Memory Model. MICRO, pages 221-232, December 2004.
9. J. R. Crandall, Z. Su, S. F. Wu, and F. T. Chong. On Deriving Unknown Vulnerabilities from. Zero-Day Polymorphic and Metamorphic Worm. Exploits. ACM CCS, pages 235-248, November 2005.
10. G. W. Dunlap, S. T. King, S. Cinar, M. A. Basrai, and P. M. Chen. ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay. SIGOPS Oper. Syst. Rev., 36(SI):211-224, 2002.
11. E. N. Elnozahy, L. Alvisi, Y-M. Wang, and D. B. Johnson. A. Survey of Rollback-Recovery Protocols in Message-Passing Systems. University of Michigan Technical Report CSE-TR-410, 34(3):375-408, September 2002.
12. T. Garfi nkel and M. Rosenblum. When Virtual is Harder than Real: Security Challenges in Virtual. Machine Based Computing Environments. HotOS, June 2005.
13. Z. Gutterman and B. Pinkas. BugNet: Continuously Recording Program Execution for Deterministic Replay Debugging. ISCA-32, pages 284-295, June 2005.
14. Intel. IA-32 Intel Architecture Software Developer's Manual. Volumes 1, 2 and 3.
15. A. Joshi, S. T. King, G. W. Dunlap, and P. M. Chen. Detecting Past and Present Intrusions through Vulnerability-specifi c Predicates. ACM SOSP, pages 91-104, October 2005.
16. S. T. King, G. W. Dunlap, and P. M. Chen. Operating System Support for Virtual Machines. In USENIX, 2003.
17. T. J. LeBlanc and J. M. Mellor-Crummey. Debugging Parallel Programs with Instant Replay. IEEE Transactions on Computers, 36(4):471-482, April 1987.
18. R. Love. Linux Kernel Development. 2005.
19. D. E. Lowell, and P. M. Chen. Discount Checking: Transparent, Low-Overhead Recovery for General Applications. University of Michigan Technical Report CSE-TR-410-99, 1998.
20. M. Prvulovic and J. Torrellas. ReEnact: Using Thread-Level Speculation. Mechanisms to Debug Data Races in. Multithreaded Codes. ISCA-30, pages 110-121, June 2003.
21. F. Qin, J. Tucek, J. Sundaresan, and Y. Zhou. Rx: Treating Bugs as Allergies - A Safe Method to Survive Software Failures. ACM SOSP, pages 235-248, October 2005.
22. M. Rosenblum. and T. Garfinkel. Virtual Machine Monitors: Current Technology and Future Trends. IEEE Computer Society, 38(5):39-47, May 2005.
23. J. Slye and E. Elnozahy. Supporting Nondetermmistic Execution in Fault-Tolerant Systems. FTCS, .1996.
24. J. H. Slye and E. N. Elnozahy. Support for Software Interrupts in Log-Based Rollback-Recovery. IEEE Transactions on Computers, 47(10):1113-1123, October 1998.
25. J. E. Smith and R. Nair. Virtual Machines - Versatile Platforms for Systems and. Processes. Morgan. Kaufmann, 2005.
26. Microsoft SQLIO. http://www.microsoft.com/downloads/.
27. S. M. Srinivasan, S. Kandula, C. R. Andrews, and Y Zhou. Flashback: A. Lightweight Extension for Rollback and Deterministic Replay for Software Debugging. USENIX, June 2004.
28. UnixBench. http://www.tux.org/pub/tux/benchmarks/System/unixbench/.
29. A. Whitaker, R. S. Cox, M. Shaw, and S. D. dribble. Rethinking the Design of Virtual Machine Monitors. IEEE Computer, 38(5):57-62, May 2005.
30. M. Xu, R. Bodik, and M. D. Hil. A Flight Data Recorder for Enabling Full-System Multiprocessor Deterministic Replay. ISCA-30, pages 122-133, June 2003.
31. bochs: the Open Source IA-32 Emulation. Project (Home Page). http://bochs.sourceforge.net.