Kernel memory protection by an insertable hypervisor which has VM introspection and stealth breakpoints

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 8639 LNCS, Issue , 2014, Pages 48-61

  Suzaki, Kuniyasu ^a   Yagi, Toshiki ^a   Kobara, Kazukuni ^a   Ishiyama, Toshiaki ^b  

^a NATIONAL INSTITUTE OF ADVANCED INDUSTRIAL SCIENCE AND TECHNOLOGY AIST   (Japan)

^b FFRI Inc   (Japan)

Author keywords

Computer Security; Information Leakage; Stealth Breakpoints; Virtual Machine Introspection

Indexed keywords

AUTHENTICATION; SECURITY SYSTEMS;

BREAK-POINTS; DEVICE DRIVER; INDUSTRIAL INFRASTRUCTURE; INFORMATION LEAKAGE; MEMORY STRUCTURE; SENSITIVE DATAS; VIRTUAL MACHINE INTROSPECTION; ZERO DAY ATTACK;

SECURITY OF DATA;

EID: 84907351092     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-319-09843-2_4     Document Type: Conference Paper

References (16)

1. Bayer, U., Kruegel, C., Kirda, E.: TTAnalyze: A Tool for Analyzing Malware. In: 15th European Institute for Computer Antivirus Research, EICAR (2006)
2. Ben-Cohen, O., Wool, A.: Korset: Automated, Zero False-Alarm Intrusion Detection for Linux. In: Linux Symposium (2008)
3. Bencsáth, B., Pék, G., Buttyán, L., Félegyházi, M.: Duqu: Analysis, Detection, and Lessons Learned. In: European Workshop on System Security, EuroSec (2012)
4. Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: Malware Analysis via Hardware Virtualization Extensions. In: ACM Conference on Computer and Communications Security, CCS (2008)
5. Falliere, N., Murchu, L.O., Chien, E.: W32.Stuxnet Dossier, Symantec Security Response (2011)
6. Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: 10th Annual Network & Distributed System Security Symposium, NDSS (2003)
7. King, S.T., Dunlap, G.W., Chen, P.M.: Operating System Support for Virtual Machines. USENIX Annual Tech. (2003)
8. Murakami, J.: FFR GreenKiller - Automatic kernel-mode malware analysis system. In: 12th Associates of Anti-Virus Asia Reserachers International Conference (2009) http://www.fourteenforty.jp/research/research-papers/avar- 2009-murakami.pdf
9. Nance, K., Bishop, M., Hay, B.: Virtual Machine Introspection: Observation or Interference? IEEE Security and Privacy 6(5) (2008)
10. Seshadri, A., Luk, M., Qu, N., Perrig, A.: SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes. In: The 21st ACM Symposium on Operating Systems Principles, SOSP (2007)
11. Shinagawa, T., et al.: BitVisor: A Thin Hypervisor for Enforcing I/O Device Security, Virtual Execution Environments, VEE (2009)
12. Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Saxena, P.: BitBlaze: A New Approach to Computer Security via Binary Analysis. In: International Conference on Information Systems Security, ICISS (2008)
13. Swift, M.M., Bershad, B.N., Levy, H.M.: Improving the Reliability of Commodity Operating Systems. In: 19th ACM Symposium on Operating Systems Principles, SOSP (2003)
14. Vasudevan, A., Yerraballi, R.: Stealth Breakpoints. In: 21st Annual Computer Security Applications Conference, ACSAC (2005)
15. Xiong, X., Tian, D., Liu, P.: Practical Protection of Kernel Integrity for Commodity OS from Untrusted Extension. In: 18th Annual Network & Distributed System Security Symposium, NDSS (2011)
16. Yan, L., Jayachandra, M., Zhang, M., Yin, H.: V2E: combining hardware virtualization and softwareemulation for transparent and extensible malware analysis, Virtual Execution Environments, VEE (2012)