A software vulnerability analysis environment based on virtualization technology

IEEE International Conference on Wireless Communications, Networking and Information Security Pub Date : 1900-01-01 DOI:10.1109/WCINS.2010.5541854

Chunlei Wang, Yan Wen, Yiqi Dai

{"title":"A software vulnerability analysis environment based on virtualization technology","authors":"Chunlei Wang, Yan Wen, Yiqi Dai","doi":"10.1109/WCINS.2010.5541854","DOIUrl":null,"url":null,"abstract":"The accurate identification and effective analysis of software vulnerabilities depends on flexible and extensible analysis environment. However, current research work cannot provide highly available environment supporting for different types of vulnerabilities. Aiming at the problem, this paper proposes a novel method for constructing software vulnerability analysis environment based upon virtualization technique, defines the system level simulation model for vulnerability analysis, and describes the simulation model based vulnerability analysis method. Based upon the simulation model and analysis method, we have designed and implemented the Virtualization-based Vulnerability Analysis Environment (VirtualVAE), which can examine the operation behaviors of guest operation system and applications at hardware level, and analyze the operation process of sensitive data in the whole system. Therefore, it can accurately simulate a wide variety of system behaviors, and provide dynamic analysis capabilities for different types of vulnerabilities. The experimental results show that it provides a flexible environment for accurately identifying and analyzing the vulnerabilities of software systems.","PeriodicalId":272940,"journal":{"name":"IEEE International Conference on Wireless Communications, Networking and Information Security","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE International Conference on Wireless Communications, Networking and Information Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WCINS.2010.5541854","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

The accurate identification and effective analysis of software vulnerabilities depends on flexible and extensible analysis environment. However, current research work cannot provide highly available environment supporting for different types of vulnerabilities. Aiming at the problem, this paper proposes a novel method for constructing software vulnerability analysis environment based upon virtualization technique, defines the system level simulation model for vulnerability analysis, and describes the simulation model based vulnerability analysis method. Based upon the simulation model and analysis method, we have designed and implemented the Virtualization-based Vulnerability Analysis Environment (VirtualVAE), which can examine the operation behaviors of guest operation system and applications at hardware level, and analyze the operation process of sensitive data in the whole system. Therefore, it can accurately simulate a wide variety of system behaviors, and provide dynamic analysis capabilities for different types of vulnerabilities. The experimental results show that it provides a flexible environment for accurately identifying and analyzing the vulnerabilities of software systems.

查看原文