Proceedings of the IEEE/ACM International Conference on Automated Software Engineering 2010
DOI: 10.1145/1858996.1859085

Dynamic and transparent analysis of commodity production systems

Abstract: We propose a framework that provides a programming interface to perform complex dynamic system-level analyses of deployed production systems. By leveraging hardware support for virtualization, available nowadays on all commodity machines, our framework is completely transparent to the system under analysis and it guarantees isolation of the analysis tools running on top of it. Thus, the internals of the kernel of the running system need not be modified and the whole platform runs unaware of the framework. M…

Cited by 36 publications (31 citation statements)
References 13 publications

Citation statements:
“…An alternative VMI approach leverages advanced CPU features to interpose the security functions between the OS and the hardware [28], [29]. However, this kind of hypervisor does not have the control over all the machine components.…”
Section: Architecture (mentioning, confidence: 99%)
“…While this will not allow for preventing successful attacks, it can still be used for detection. Another approach, which is more similar to our work, is called HyperDbg [4]. It allows for the live installation of an analysis framework under a running OS using hardware virtualization.…”
Section: Related Work (mentioning, confidence: 99%)
“…Actaeon consists of three components: a standalone VMCS layout Extractor derived from HyperDbg [15], a hypervisor Memory Analysis plugin for the Volatility framework, and a patch for the Volatility core to provide a transparent mechanism to analyze the virtual machines' address spaces. The tool, along with a number of datasets and usage examples, can be downloaded from http://s3.eurecom.fr/tools/actaeon.…”
Section: System Implementation (mentioning, confidence: 99%)
“…The number of commodity hypervisors is limited and, given enough time, it would be possible to analyze all of them and reverse engineer their most relevant data structures, following the same approach used to perform memory forensics of known operating systems. However, custom hypervisors are easy to develop and they are already adopted by many security-related tools [15,22,28,29]. Moreover, malicious hypervisors (so far only proposed as research prototypes [12,19,26,33]) could soon become a reality, thus increasing the urgency of developing the area of virtualization memory forensics.…”
Section: Introduction (mentioning, confidence: 99%)