Transparent Process Monitoring in a Virtual Environment

Electronic Notes in Theoretical Computer Science

Volumn 236, Issue C, 2009, Pages 85-100

  Baiardi, Fabrizio ^a   Maggiari, Dario ^a   Sgandurra, Daniele ^a   Tamberi, Francesco ^a  

^a UNIVERSITY OF PISA   (Italy)

Author keywords

introspection; intrusion detection system; virtual machines

Indexed keywords

COMPUTATIONAL LINGUISTICS; COMPUTER CRIME; DATA STRUCTURES; FORMAL LANGUAGES; PROCESS MONITORING; VIRTUAL REALITY;

CALL TRACES; CONTEXT-FREE GRAMMARS; DYNAMIC TOOLS; INTROSPECTION; INTRUSION DETECTION SYSTEM; PROCESS STATE; PROGRAM SOURCE CODES; SECURITY AND PERFORMANCE; STATIC AND DYNAMICS; STATIC TOOLS; SYSTEM CALLS; TRACE SYSTEMS; TRANSPARENT PROCESS; VIRTUAL ENVIRONMENTS; VIRTUAL MACHINES; VIRTUALIZATION;

INTRUSION DETECTION;

EID: 62949104480     PISSN: 15710661     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.entcs.2009.03.016     Document Type: Article

References (30)

1. Aleph One. Smashing the stack for fun and profit. Phrack 7 (1996)
2. Anderson, J. et al., Computer Security Technology Planning Study, Technical report, ESD-TR-73-51 (1972)
3. Bernaschi, M., E. Gabrielli and L.V. Mancini, Operating system enhancements to prevent the misuse of system calls, in: CCS '00: Proceedings of the 7th ACM conference on Computer and communications security (2000), pp. 174-183
4. Bishop M., and Dilger M. Checking for Race Conditions in File Accesses. Computing Systems 2 (1996) 131-152
5. Donnelly C., and Stallman R. The Bison manual: using the YACC-compatible parser generator (2006), GNU, Boston, MA
6. Dragovic, B., K. Fraser, S. Hand, T. Harris, A. Ho, I. Pratt, A. Warfield, P. Barham and R. Neugebauer, Xen and the Art of Virtualization, in: Proceedings of the ACM Symposium on Operating Systems Principles, 2003
7. Feng, H.H., J.T. Giffin, Y. Huang, S. Jha, W. Lee and B.P. Miller, Formalizing Sensitivity in Static Analysis for Intrusion Detection, in: IEEE Symposium on Security and Privacy, Oakland, California, 2004
8. Feng, H.H., O.M. Kolesnikov, P. Fogla, W. Lee and W. Gong, Anomaly Detection Using Call Stack Information, in: SP '03: Proceedings of the 2003 IEEE Symposium on Security and Privacy (2003), p. 62
9. Ferrie, P., Attacks on Virtual Machine Emulators, Symantec Security Response, December (2006)
10. Forrest, S., S.A. Hofmeyr, A. Somayaji and T.A. Longstaff, A Sense of Self for Unix Processes, in: Proceedinges of the 1996 IEEE Symposium on Research in Security and Privacy (1996), pp. 120-128
11. Garfinkel, T. and M. Rosenblum, A Virtual Machine Introspection Based Architecture for Intrusion Detection, in: Proc. Network and Distributed Systems Security Symposium, 2003
12. Giffin, J., S. Jha and B. Miller, Efficient context-sensitive intrusion detection, in: 11th Annual Network and Distributed Systems Security Symposium (NDSS), San Diego, California, 2004
13. Giffin, J.T., S. Jha and B.P. Miller, Detecting Manipulated Remote Call Streams, in: Proceedings of the 11th USENIX Security Symposium (2002), pp. 61-79
14. Goldberg R.P. Survey of virtual machine research. IEEE Computer 7 (1974) 34-45
15. Hofmeyr S.A., Forrest S., and Somayaji A. Intrusion Detection Using Sequences of System Calls. Journal of Computer Security 6 (1998) 151-180
16. Jr., N.L.P., T. Fraser, J. Molina and W.A. Arbaugh, Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor, in: USENIX Security Symposium, 2004, pp. 179-194
17. Ko, C., G. Fink and K. Levitt, Automated detection of vulnerabilities in privileged programs by execution monitoring, in: Proceedings of the 10th Annual Computer Security Applications Conference (1994), pp. 134-144
18. Ko, C., M. Ruschitzka and K. Levitt, Execution monitoring of security-critical programs in distributed systems: a specification-based approach, in: SP '97: Proceedings of the 1997 IEEE Symposium on Security and Privacy (1997), p. 175
19. Lam, L.-C. and T.-C. Chiueh, Automatic Extraction of Accurate Application-Specific Sandboxing Policy, in: RAID, 2004, pp. 1-20
20. Lam, L.-C., W. Li and T.-C. Chiueh, Accurate and Automated System Call Policy-Based Intrusion Prevention, in: DSN '06: Proceedings of the International Conference on Dependable Systems and Networks (DSN'06) (2006), pp. 413-424
21. Lee, W. and S. Stolfo, Data mining approaches for intrusion detection, in: Proceedings of the 7th USENIX Security Symposium, San Antonio, TX, 1998
22. Linn, C.M., M. Rajagopalan, S. Baker, C. Collberg, S.K. Debray and J.H. Hartman, Protecting against unexpected system calls, in: SSYM'05: Proceedings of the 14th conference on USENIX Security Symposium (2005), pp. 16-16
23. Saïdi, H., Guarded models for intrusion detection, in: PLAS '07: Proceedings of the 2007 workshop on Programming languages and analysis for security (2007), pp. 85-94
24. Sekar, R., M. Bendre, D. Dhurjati and P. Bollineni, A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors, in: SP '01: Proceedings of the 2001 IEEE Symposium on Security and Privacy (2001), p. 144
25. Sekar, R. and P. Uppuluri, Synthesizing fast intrusion prevention/detection systems from high-level specifications, in: SSYM'99: Proceedings of the 8th conference on USENIX Security Symposium (1999), pp. 6-6
26. Tsai, T.K. and N. Singh, Libsafe: Transparent System-wide Protection Against Buffer Overflow Attacks, in: DSN '02: Proceedings of the 2002 International Conference on Dependable Systems and Networks (2002), p. 541
27. Vigna G. Malware Detection. Advances in Information Security (2007), Springer
28. Wagner, D. and D. Dean, Intrusion Detection via Static Analysis, in: SP '01: Proceedings of the 2001 IEEE Symposium on Security and Privacy (2001), p. 156
29. Wagner, D. and P. Soto, Mimicry attacks on host-based intrusion detection systems, in: CCS '02: Proceedings of the 9th ACM conference on Computer and communications security (2002), pp. 255-264
30. Lee W., Stolfo S.J., and Chan P.K. Learning patterns from UNIX processes execution traces for intrusion detection. AAAI Workshop on AI Approaches to Fraud Detection and Risk Management (1997), AAAI Press 50-56