{"title":"Towards Implicitly Introspecting the Preinstalled Operating System with Local-Booting Virtualization Technology","authors":"Yan Wen, Jinjing Zhao, Hua Chen, Minhuan Huang","doi":"10.1109/DASC.2013.34","DOIUrl":null,"url":null,"abstract":"The virtual machine (VM) based introspection on the operating system (OS) holds predominance over previous host-based introspectors for being more resistant to attack while suffering the difficulty of retrieving the semantic view of the OS. Previous approaches addressing this limitation highly depend on the explicit guest information which is still subvertable to the privileged malware. Moreover, they only deal with the OS deployed in the VM instead of our daily used native OS. In this paper, we present a new VM-based introspecting approach called Pisces which accurately reproduces the execution environment of the underlying preinstalled OS within the Pisces VM and provides an OS-level semantic view. With our novel local-booting virtualization technology, Pisces VM just boots from the underlying host OS but not a newly installed OS image. Thus, Pisces provides a feasible way to introspect on the existing OS. In addition, instead of relying on the explicit guest information, Pisces adopts a set of unique techniques to implicitly construct the semantic view of the OS from within the virtualized hardware layer. The evaluation results demonstrate its practicality and effectiveness.","PeriodicalId":179557,"journal":{"name":"2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE 11th International Conference on Dependable, Autonomic and Secure Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DASC.2013.34","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Virtual machine (VM) based introspection of the operating system (OS) has an advantage over earlier host-based introspectors because it is more resistant to attack, but it suffers from the difficulty of retrieving a semantic view of the OS. Previous approaches to this limitation depend heavily on explicit guest information, which privileged malware can still subvert. Moreover, they only deal with an OS deployed in a VM rather than the native OS in daily use. In this paper, we present a new VM-based introspection approach called Pisces, which accurately reproduces the execution environment of the underlying preinstalled OS within the Pisces VM and provides an OS-level semantic view. With our novel local-booting virtualization technology, the Pisces VM boots from the underlying host OS rather than from a newly installed OS image. Thus, Pisces provides a feasible way to introspect the existing OS. In addition, instead of relying on explicit guest information, Pisces adopts a set of unique techniques to implicitly construct the semantic view of the OS from within the virtualized hardware layer. The evaluation results demonstrate its practicality and effectiveness.