Full Virtual Machine State Reconstruction for Security Applications
This work explores the possibilities and implications of bridging the semantic gap between the hypervisor and its virtual machines to support security applications using a technique called virtual machine introspection (VMI). We define a formal model for VMI to describe and compare such approaches. We then propose, implement and evaluate a novel VMI framework that applies knowledge of the operating system and derived through a source code analysis to reconstruct the kernel state from physical memory.
Full Virtual Machine State Reconstruction for Security Applications
| Authors: | Christian Schneider |
| Year/month: | 2013/4 |
| School: | Technische Universität München |
| Type: | Dissertation |
| Fulltext: | phd_schneider2013.pdf |
Abstract |
|
| This work explores the possibilities and implications of bridging the semantic gap between the hypervisor and its virtual machines to support security applications using a technique called virtual machine introspection (VMI). We define a formal model for VMI to describe and compare such approaches. We then propose, implement and evaluate a novel VMI framework that applies knowledge of the operating system and derived through a source code analysis to reconstruct the kernel state from physical memory. | |
Bibtex:
@phdthesis { SchneiderPhd2013,author = { Christian Schneider},
title = { Full Virtual Machine State Reconstruction for Security Applications },
year = { 2013 },
school = { Technische Universität München },
month = { April },
url = {https://www.sec.in.tum.de/i20/publications/full-virtual-machine-state-reconstruction-for-security-applications/@@download/file/phd_schneider2013.pdf},
type = { Dissertation },
}