虚拟机自省中一种消除语义鸿沟的方法
Narrowing the semantic gap in virtual machine introspection
查看参考文献19篇
|
文摘
|
虚拟机自省技术已经广泛应用于入侵检测和恶意软件分析等领域。但是由于语义鸿沟的存在,获取虚拟机内部信息时会导致其通用性和执行效率降低。通过分析现有语义鸿沟修复技术的不足,提出了一种称为ModSG的语义鸿沟消除方法。ModSG是一个模块化系统,将语义修复分为2部分:与用户直接交互的在线语义视图构建和与操作系统知识交互的离线高级语义解析。二者以独立的模块实现且后者为前者提供语义重构时必要的内核语义信息。针对不同虚拟机状态和不同内核版本操作系统的实验表明,ModSG在消除语义鸿沟上是准确和高效的。模块化设计和部署也使ModSG容易扩展到其他操作系统和虚拟化平台上。 |
|
其他语种文摘
|
Virtual machine introspection(VMI) has been widely used in areas such as intrusion detection and malware analysis. However, due to the existence of semantic gap, the generality and the efficiency of VMI were partly influenced while getting internal information of a virtual machine. By analyzing the deficiencies of existing technology of semantic gap restoration, a method called ModSG was proposed to bridge the semantic gap. ModSG was a modularity system, it divided semantic restoration into two parts. One was online phase that interact directly with user to construct semantic views, the other was offline phase that only interact with operating system to parse high-level semantic knowledge. Both were implemented via independent module, and the latter provided the former with necessary kernel information during semantic view construction. Experiments on different virtual machine states and different kernel versions show that the ModSG is accurate and efficient in narrowing semantic gap. The modular design and deployment also make ModSG easily to be extended to other operating systems and virtualization platforms. |
|
来源
|
通信学报
,2015,36(8):31-37 【核心库】
|
|
DOI
|
10.11959/j.issn.1000-436x.2015103
|
|
关键词
|
语义鸿沟
;
虚拟机自省
;
模块化系统
;
可移植性
|
|
地址
|
1.
中国科学院合肥智能机械研究所, 安徽, 合肥, 230031
2.
中国科学院安徽循环经济技术工程院, 安徽, 合肥, 230088
|
|
语种
|
中文 |
|
文献类型
|
研究性论文 |
|
ISSN
|
1000-436X |
|
学科
|
自动化技术、计算机技术 |
|
基金
|
中国科学院合肥物质科学研究院院长基金
;
国家自然科学基金资助项目
|
|
文献收藏号
|
CSCD:5496348
|
参考文献 共
19
共1页
|
|
1.
Garfinkel T. A virtual machine introspection based architecture for intrusion detection.
Network and Distributed System Security Symposium,2003
|
CSCD被引
1
次
|
|
|
|
|
2.
Jiang X. Stealthy malware detection through VMM-based "out-of-the-box" semantic view reconstruction.
Computer and Communication Security,2007:128-138
|
CSCD被引
1
次
|
|
|
|
|
3.
Jiang X. Out-of-the-box monitoring of VM-based high-interaction honeypots.
Recent Advances in Intrusion Detection,2007:198-218
|
CSCD被引
1
次
|
|
|
|
|
4.
Hay B. Forensics examination of volatile system data using virtual introspection.
ACM Sigops OS Review,2008,42(3):74-82
|
CSCD被引
3
次
|
|
|
|
|
5.
Dolan-G B.
Leveraging forensic tools for virtual machine introspection, GT-CS-11-05,2011
|
CSCD被引
1
次
|
|
|
|
|
6.
Chen P M. When virtual is better than real.
Hot Topics in Operating Systems (HOTOS '01),2001,8:133-138
|
CSCD被引
1
次
|
|
|
|
|
7.
Jones S T. Antfarm: tracking processes in a virtual machine environment.
Proc of the 2006 USENIX Annual Technical Conference,2006
|
CSCD被引
1
次
|
|
|
|
|
8.
LKCD.
Linux Kernel Crash Dump
|
CSCD被引
1
次
|
|
|
|
|
9.
康华.
从VMM中识别GUEST OS中的用户进程
|
CSCD被引
1
次
|
|
|
|
|
10.
Pfoh J. A formal model for virtual machine introspection.
Proceedings of the 2nd Workshop on Virtual Machine Security (VMSec'09),2009:1-10
|
CSCD被引
1
次
|
|
|
|
|
11.
Dolan G B. Virtuoso: narrowing the semantic gap in virtual machine introspection.
Proceedings of the 33rd IEEE Symposium on Security and Privacy, 32,2011:297-312
|
CSCD被引
1
次
|
|
|
|
|
12.
Fu Y. Space traveling across VM: automatically bridging the semantic gap in virtual machine introspection via online kernel data redirection.
Proceedings of the 33rd IEEE Symposium on Security and Privacy,2012:586-600
|
CSCD被引
1
次
|
|
|
|
|
13.
.
The Xen project power
|
CSCD被引
1
次
|
|
|
|
|
14.
.
KVM
|
CSCD被引
2
次
|
|
|
|
|
15.
.
QEMU
|
CSCD被引
4
次
|
|
|
|
|
16.
石磊.
Xen虚拟化技术,2009
|
CSCD被引
21
次
|
|
|
|
|
17.
英特尔开源软件技术中心.
系统虚拟化:原理与实现,2009
|
CSCD被引
7
次
|
|
|
|
|
18.
Robert L.
Linux Kernel Development,2005
|
CSCD被引
3
次
|
|
|
|
|
19.
.
Suterusu
|
CSCD被引
1
次
|
|
|
|
|
了解气象卫星更多信息,请访问