Zhiyong Shan, Xin Wang, Tzi-cker Chiueh, "Malware Clearance for Secure Commitment of OS-Level Virtual Machines," IEEE Transactions on Dependable and Secure Computing, vol. 99, no. 1, pp. 1, 5555.
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.88
A virtual machine (VM) can simply be created upon use and disposed of upon completion of the tasks or detection of an error. The disadvantage of this approach is that if there is no malicious activity, the user has to redo all of the work in her actual workspace, since there is no easy way to commit (i.e., merge) only the benign updates within the VM back to the host environment. In this work, we develop a VM commitment system called Secom that automatically eliminates malicious state changes when merging the contents of an OS-level VM to the host. Secom consists of three steps: grouping state changes into clusters, distinguishing between benign and malicious clusters, and committing benign clusters. Secom has three novel features. First, it leverages OS-level information flow and malware behavior information to recognize malicious changes. Second, it identifies malicious objects on a cluster-by-cluster basis. Third, it simultaneously considers two malware behaviors of different types and the origin of the processes that exhibit these behaviors, rather than considering a single behavior alone as existing malware detection methods do. Experiments show that our prototype can effectively eliminate malicious state changes while committing a VM with small performance degradation.
Index Terms:
Invasive software, OS-Level Virtual Machine, Software/Software Engineering, Operating Systems, Security and Privacy Protection
Citation:
Zhiyong Shan, Xin Wang, Tzi-cker Chiueh, "Malware Clearance for Secure Commitment of OS-Level Virtual Machines," IEEE Transactions on Dependable and Secure Computing, 30 Nov. 2012. IEEE Computer Society Digital Library. IEEE Computer Society, <http://doi.ieeecomputersociety.org/10.1109/TDSC.2012.88>

