A Universal Semantic Bridge for Virtual Machine Introspection

All systems that utilize virtual machine introspection (VMI) need to overcome the disconnect between the low-level state that the hypervisor sees and its semantics within the guest. This problem has become well-known as the semantic gap. In this work, we introduce our tool, InSight, that establishes a semantic connection between the guest and the hypervisor independent of the application at hand. InSight goes above and beyond previous approaches in that it strives to expose all kernel objects to an application with as little human effort as possible. It features a shell interface for interactive inspection as well as a scripting engine for comfortable and safe development of new VMI-based methods. Due to this flexibility, InSight supports a wide variety of VMI applications, such as intrusion detection, forensic analysis, malware analysis, and kernel debugging.
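The semantic gap the abstract describes can be made concrete with a small stand-alone illustration. The following Python is an added example, not InSight's code and not taken from the paper: it treats guest RAM the way a hypervisor sees it (bytes at addresses) and layers a typed view on top of it so that a "process list" can be read out. The task_struct layout, the kernel base address and the address of the root task are all assumptions, hand-written here in place of what a tool would derive from the kernel's debugging symbols; the guest memory itself is constructed in-process. The last function shows the classic failure mode of such a bridge: a DKOM-style unlink leaves the kernel's own list internally consistent while a task silently disappears from the typed walk.

```python
"""Added illustration of bridging the VMI semantic gap (not InSight's code)."""
import struct
from typing import Dict, List, Tuple

KERNEL_BASE = 0xFFFFFFFF81000000   # assumed: guest RAM is contiguous from here (no page-table walk)
MEM_SIZE = 0x1000

# Hypothetical, simplified task_struct (real kernels differ; a tool would take
# these offsets from the kernel's debug info rather than hard-code them):
#   int       pid;      offset 0
#   char      comm[16]; offset 4, then 4 bytes padding
#   list_head tasks;    next at 24, prev at 32; pointers target the *tasks* field
TASK_LAYOUT: Dict[str, Tuple[int, str]] = {
    "pid":        (0,  "<i"),
    "comm":       (4,  "16s"),
    "tasks.next": (24, "<Q"),
    "tasks.prev": (32, "<Q"),
}
TASKS_OFFSET = 24                  # offsetof(struct task_struct, tasks)
INIT_TASK = KERNEL_BASE + 0x100    # assumed address of the list's root object


class GuestMemory:
    """The hypervisor's view: a flat byte array with bounds-checked access."""
    def __init__(self, data: bytearray, base: int = KERNEL_BASE):
        self.data, self.base = data, base

    def _offset(self, vaddr: int, size: int) -> int:
        off = vaddr - self.base
        if off < 0 or off + size > len(self.data):
            raise ValueError(f"{vaddr:#x} is not backed by guest memory")
        return off

    def read(self, vaddr: int, size: int) -> bytes:
        off = self._offset(vaddr, size)
        return bytes(self.data[off:off + size])

    def write(self, vaddr: int, blob: bytes) -> None:
        off = self._offset(vaddr, len(blob))
        self.data[off:off + len(blob)] = blob


class KernelObject:
    """The guest's view: a typed window on raw memory, resolved through a layout."""
    def __init__(self, mem: GuestMemory, layout: Dict[str, Tuple[int, str]], address: int):
        self.mem, self.layout, self.address = mem, layout, address

    def __getitem__(self, field: str):
        off, fmt = self.layout[field]
        (value,) = struct.unpack(fmt, self.mem.read(self.address + off, struct.calcsize(fmt)))
        return value

    def name(self) -> str:
        return self["comm"].split(b"\0", 1)[0].decode("ascii", "replace")


def build_guest_memory() -> GuestMemory:
    """Constructed sample guest: three tasks on a circular doubly linked list."""
    mem = GuestMemory(bytearray(MEM_SIZE))
    addrs = [INIT_TASK, KERNEL_BASE + 0x200, KERNEL_BASE + 0x300]
    procs = [(0, b"swapper/0"), (1, b"systemd"), (4242, b"sshd")]
    for i, (addr, (pid, comm)) in enumerate(zip(addrs, procs)):
        nxt = addrs[(i + 1) % len(addrs)] + TASKS_OFFSET
        prv = addrs[(i - 1) % len(addrs)] + TASKS_OFFSET
        mem.write(addr, struct.pack("<i16s4xQQ", pid, comm, nxt, prv))
    return mem


def walk_tasks(mem: GuestMemory, root: int = INIT_TASK, limit: int = 65536) -> List[dict]:
    """Follow tasks.next around the ring, applying container_of() at every hop.

    Bounds are enforced by GuestMemory.read; the `seen` set and the hard limit
    stop the walk if a corrupted or hostile list never returns to the root.
    """
    tasks, seen, addr = [], set(), root
    while addr not in seen:
        if len(tasks) >= limit:
            raise RuntimeError("task list does not terminate; giving up")
        seen.add(addr)
        t = KernelObject(mem, TASK_LAYOUT, addr)
        tasks.append({"addr": addr, "pid": t["pid"], "comm": t.name()})
        addr = t["tasks.next"] - TASKS_OFFSET   # list_head -> enclosing task_struct
    return tasks


def broken_backlinks(mem: GuestMemory, root: int = INIT_TASK) -> List[int]:
    """Addresses of tasks whose successor's prev pointer does not point back at them."""
    bad = []
    for t in walk_tasks(mem, root):
        me = KernelObject(mem, TASK_LAYOUT, t["addr"])
        succ = KernelObject(mem, TASK_LAYOUT, me["tasks.next"] - TASKS_OFFSET)
        if succ["tasks.prev"] != t["addr"] + TASKS_OFFSET:
            bad.append(t["addr"])
    return bad


def unlink_task(mem: GuestMemory, victim: int) -> None:
    """DKOM-style hiding: splice `victim` out of the ring inside guest memory.

    The list stays consistent (no broken backlinks), yet the typed walk no longer
    reports the task: the bridge can only show what the kernel's structures claim.
    """
    v = KernelObject(mem, TASK_LAYOUT, victim)
    prev_task = v["tasks.prev"] - TASKS_OFFSET
    next_task = v["tasks.next"] - TASKS_OFFSET
    mem.write(prev_task + TASKS_OFFSET, struct.pack("<Q", next_task + TASKS_OFFSET))
    mem.write(next_task + TASKS_OFFSET + 8, struct.pack("<Q", prev_task + TASKS_OFFSET))


if __name__ == "__main__":
    guest = build_guest_memory()
    for t in walk_tasks(guest):
        print(f"{t['addr']:#x}  pid={t['pid']:<5} comm={t['comm']}")
    unlink_task(guest, KERNEL_BASE + 0x300)
    print("after unlink:", [t["pid"] for t in walk_tasks(guest)], "backlink errors:", broken_backlinks(guest))
```

The point of the two views is that everything below `KernelObject` is generic: swap in the real layout of the guest kernel and the same walker applies, which is the kind of reuse the abstract is after. The unlink at the end is why introspection-based intrusion detection does not stop at walking lists but compares several views of the same state.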

Information Systems Security

Authors: Christian Schneider, Jonas Pfoh, and Claudia Eckert
Year/month: 2011/12
Booktitle: Information Systems Security
Editor: Jajodia, Sushil and Mazumdar, Chandan
Volume: 7093
Series: Lecture Notes in Computer Science
Pages: 370--373
Publisher: Springer
DOI: 10.1007/978-3-642-25560-1_25
Fulltext: iciss2011.pdf

Bibtex:

@incollection{Schneider2011,
  author    = {Christian Schneider and Jonas Pfoh and Claudia Eckert},
  title     = {A Universal Semantic Bridge for Virtual Machine Introspection},
  booktitle = {Information Systems Security},
  editor    = {Jajodia, Sushil and Mazumdar, Chandan},
  series    = {Lecture Notes in Computer Science},
  volume    = {7093},
  pages     = {370--373},
  publisher = {Springer},
  year      = {2011},
  doi       = {10.1007/978-3-642-25560-1_25},
  url       = {https://www.sec.in.tum.de/i20/publications/a-universal-semantic-bridge-for-virtual-machine-introspection/@@download/file/iciss2011.pdf}
}