Title :
Semantics-Driven Introspection in a Virtual Environment
Author :
Tamberi, F. ; Maggiari, D. ; Sgandurra, Daniele ; Baiardi, Fabrizio
Author_Institution :
Dipt. di Inf., Univ. di Pisa, Pisa
Abstract :
Semantics-driven monitoring discovers attacks against a process by evaluating invariants on the process state. We propose an approach that increases the robustness and the transparency of the run-time monitoring system by introducing two virtual machines (VMs) running on the same platform. One VM runs the monitored process, i.e. the process P to be protected, while the other one evaluates invariants on P's state each time P invokes a system call. To this purpose, an Introspection Library allows the monitoring VM to access the memory and the processor registers of the monitored VM. After describing the overall architecture, we focus on the Introspection Library and the problems posed by the introspection of variables in the memory of a program running in a distinct VM to evaluate invariants. A first prototype implementation is also presented together with preliminary performance results.
Keywords :
security of data; virtual machines; Introspection Library; attack discovery; processor registers; run-time monitoring system; semantics-driven introspection; semantics-driven monitoring; virtual environment; Condition monitoring; Libraries; Protection; Registers; Robustness; Virtual environment; Virtual machine monitors; Virtual machining; Virtual manufacturing; Voice mail; invariant evaluation; system call interception; virtual machine introspection
Conference_Title :
Information Assurance and Security, 2008. ISIAS '08. Fourth International Conference on
Conference_Location :
Naples
Print_ISBN :
978-0-7695-3324-7
DOI :
10.1109/IAS.2008.17