A formal model for virtual machine introspection

Pfoh, Jonas; Schneider, Christian; Eckert, Claudia

doi:10.1145/1655148.1655150

Cited by 59 publications

(21 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Formally, DS-VMI is an out-of-band introspection method [29]. XenAccess [28] introspects both memory and disk, but only infers file creations and deletions.…”

Section: Related Workmentioning

confidence: 99%

Agentless Cloud-Wide Streaming of Guest File System Updates

Richter

Isci

Gilbert

et al. 2014

2014 IEEE International Conference on Cloud Engineering

View full text Add to dashboard Cite

Abstract-We propose a non-intrusive approach for monitoring virtual machines (VMs) in the cloud. At the core of this approach is a mechanism for selective real-time monitoring of guest file updates within VM instances. This mechanism is agentless, requiring no guest VM support. It has low virtual I/O overhead, low latency for emitting file updates, and a scalable design. Its central design principle is distributed streaming of file updates inferred from introspected disk sector writes. The mechanism, called DS-VMI, enables many system administration tasks that involve monitoring files to be performed outside VMs.

show abstract

“…Formally, DS-VMI is an out-of-band introspection method [29]. XenAccess [28] introspects both memory and disk, but only infers file creations and deletions.…”

Section: Related Workmentioning

confidence: 99%

Agentless Cloud-Wide Streaming of Guest File System Updates

Richter

Isci

Gilbert

et al. 2014

2014 IEEE International Conference on Cloud Engineering

View full text Add to dashboard Cite

show abstract

“…Chen et al [12] stated that secure logging and intrusion detection could benefit from the virtualized environment. A formal model [13] of VMI is even proposed for describing VMI techniques.…”

Section: Related Workmentioning

confidence: 99%

Combining Dynamic Passive Analysis and Active Fingerprinting for Effective Bot Malware Detection in Virtualized Environments

Hsiao

Chen

Sun

et al. 2013

Network and System Security

View full text Add to dashboard Cite

Abstract. We propose a detection mechanism that takes the advantage of virtualized environment and combines both passive and active detection approaches for detecting bot malware. Our proposed passive detection agent lies in the virtual machine monitor to profile the bot behavior and check against it with other hosts. The proposed active detection agent that performs active bot fingerprinting can send specific stimulus to a host and examine if there exists expected triggered behavior. In our experiments, our system can distinguish bots and the benign process with low false alarm. The active fingerprinting technique can detect a bot even when a bot does not do its malicious jobs.

show abstract

“…One of these virtual firewall implementations is VMwall [30], which runs in the privileged virtual machine that controls the Xen hypervisor and uses virtual machine introspection [31]. This is the process of inspecting the data structures of a separate virtual machine.…”

Section: Malware Detection and Preventionmentioning

confidence: 99%

A survey on securing the virtual cloud

Denz

Taylor

2013

Journal of Cloud Computing: Advances, Systems and Applications

View full text Add to dashboard Cite

The paper presents a survey and analysis of the current security measures implemented in cloud computing and the hypervisors that support it. The viability of an efficient virtualization layer has led to an explosive growth in the cloud computing industry, exemplified by Amazon's Elastic Cloud, Apple's iCloud, and Google's Cloud Platform. However, the growth of any sector in computing often leads to increased security risks. This paper explores these risks and the evolution of mitigation techniques in open source cloud computing. Unlike uniprocessor security, the use of a large number of nearly identical processors acts as a vulnerability amplifier: a single vulnerability being replicated thousands of times throughout the computing infrastructure. Currently, the community is employing a diverse set of techniques in response to the perceived risk. These include malware prevention and detection, secure virtual machine managers, and cloud resilience. Unfortunately, this approach results in a disjoint response based more on detection of known threats rather than mitigation of new or zero-day threats, which are often left undetected. An alternative way forward is to address this issue by leveraging the strengths from each technique in combination with a focus on increasing attacker workload. This approach would make malicious operation time consuming and deny persistence on mission time-scales. It could be accomplished by incorporating migration, non-determinism, and resilience into the fabric of virtualization.

show abstract

A formal model for virtual machine introspection

Cited by 59 publications

References 7 publications

Agentless Cloud-Wide Streaming of Guest File System Updates

Agentless Cloud-Wide Streaming of Guest File System Updates

Combining Dynamic Passive Analysis and Active Fingerprinting for Effective Bot Malware Detection in Virtualized Environments

A survey on securing the virtual cloud

Contact Info

Product

Resources

About