Issue No.05 - September/October (2008 vol.6)
pp: 32-37
Kara Nance, University of Alaska, Fairbanks
Matt Bishop, University of California, Davis
Brian Hay, University of Alaska, Fairbanks
ABSTRACT
As virtualization becomes increasingly mainstream, virtual machine introspection techniques and tools are evolving to provide methods to monitor the behavior of virtual machines. This survey classifies and describes current VMI introspection technologies according to three primary classifications: threat monitoring versus interference, semantic awareness, and event replay. The authors also describe the Virtual Introspection for Xen (VIX) tool suite, which was developed to address key VMI requirements, and outline key research areas for future investigation.
INDEX TERMS
virtual machine monitoring, virtual machine introspection, intrusion monitoring, attack analysis
CITATION
Kara Nance, Matt Bishop, Brian Hay, "Virtual Machine Introspection: Observation or Interference?", IEEE Security & Privacy, vol.6, no. 5, pp. 32-37, September/October 2008, doi:10.1109/MSP.2008.134