Virtual machine introspection: Observation or interference?

IEEE Security and Privacy

Volumn 6, Issue 5, 2008, Pages 32-37

  Nance, Kara ^a   Hay, Brian ^a   Bishop, Matt ^b  

^a UNIVERSITY OF ALASKA FAIRBANKS   (United States)

^b UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EFFICIENT; MALWARE; MEMORY PAGES; SECURITY ENGINEERINGS; SYSTEM MONITORS; TOOL SUITES; VIRTUAL MACHINES;

COMPUTER CRIME;

EID: 54049106582     PISSN: 15407993     EISSN: None     Source Type: Journal    
DOI: 10.1109/MSP.2008.134     Document Type: Article

References (13)

1. T. Garfinkel and M. Rosenblum, "A Virtual Machine Introspection-Based Architecture for Intrusion Detection," Proc. 10th Symp. Network, and Distributed System Security (NDSS 03), Internet Society, 2003, pp. 191-206.
2. IBM Systems Virtualization Version 2 Release 1, IBM Corp., 2005; publib.boulder.ibm.com/infocenter/ eserver/vlr2/topic/eicay/eicay.pdf.
3. Understanding Full Virtualization, Paravirtualization, and Hardware Assist, white paper, VMware, 2007; www. vmware.com/files/pdf/ VMware_paravirtualization.pdf.
4. S. Joues, A. Arpaci-Dusseau, and R. Arpaci-Dusseau, "VMM-based Hidden Process Detection and Identification Using Lycosid," Proc. ACM Int'l Conf Virtual Execution Environments (VEE 08), ACM Press, 2008, pp. 91-100.
5. L. Litty andD. Lie, "Manitou: A Layer-Below Approach to Fighting Malware," Proc. Workshop Architectural and System Support for Improving Software Dependability (ASID 06), ACM Press, 2006, pp. 6-11.
6. A. Whitaker et al., "Constructing Services with Interposable Virtual Hardware," Proc. 1st Symp. Networked Systems Design and Implementation (NSDI 04), Mar. 2004.
7. B. Payne et al., "Lares: An Architecture for Secure Active Monitoring Using Visualization," Proc. IEEE Symp. Security and Privacy, IEEE CS Press, 2008, pp. 233-247.
8. S. Jones, A. Arpaci-Dusseau, and R. Arpaci-Dusseau, "AntFarm: Tracking Processes in a Virtual Machine Environment," Proc. Annual Usenix Tech. Conf., Usenix Assoc., 2008, pp. 1-14.
9. A. Joshi et al., "Detecting Past and Present Intrusions through Vulnerability-Specific Predicates," Proc. Symp. Operating System Principles (SOSP), 2005, pp. 91-104.
10. G.W. Duulap et al., "ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay," Proc. 2002 Symp. OS Design and Implementation (OSDI 02), ACM Press, 2002, pp. 211-224.
11. S. King, G. Duulap, and P. Chen, "Debugging Operating Systems with Time-Traveling Virtual Machines," Proc. Annual Usenix Tech. Conf., Usenix Assoc., 2005; www.useuix.org/events/usenix05/tech/general/king/ kiug.pdf.
12. B. Hay and K. Nance, "Forensics Examination of Volatile System Data Using Virtual Introspection," ACM Sigops OS Review, vol. 42, no. 3, 2008, pp. 74-82.
13. M. Pollitt et al., "Virtualization and Digital Forensics: A Research and Education Agenda," J. Digital Forensic Practice, vol. 2, no. 2, 2008, pp. 62-73.