Entry Fu:2013:BSG from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017                Valid HTML 3.2!


BibTeX entry

% Journal article on virtual machine introspection (the "Vmst" technique),
% ACM TISSEC volume 16, number 2, article 7.
% - j-TISSEC and ack-nhfb are bare macro names: the matching string-macro
%   definitions must be loaded before this entry, or the fields come out empty.
% - pages ends in "7:??": the final page is not recorded in this entry.
% - doi stores a full resolver URL rather than a bare DOI; a style that adds
%   its own resolver prefix would duplicate it.
@article{Fu:2013:BSG,
  author          = {Yangchun Fu and Zhiqiang Lin},
  title           = {Bridging the Semantic Gap in Virtual Machine
                     Introspection via Online Kernel Data Redirection},
  journal         = j-TISSEC,
  volume          = {16},
  number          = {2},
  pages           = {7:1--7:??},
  month           = sep,
  year            = {2013},
  coden           = {ATISBQ},
  doi             = {https://doi.org/10.1145/2505124},
  issn            = {1094-9224 (print), 1557-7406 (electronic)},
  issn-l          = {1094-9224},
  bibdate         = {Mon Sep 23 17:04:07 MDT 2013},
  bibsource       = {http://portal.acm.org/;
                     http://www.math.utah.edu/pub/tex/bib/tissec.bib;
                     http://www.math.utah.edu/pub/tex/bib/virtual-machines.bib},
  abstract        = {It is generally believed to be a tedious,
                     time-consuming, and error-prone process to develop a
                     virtual machine introspection (VMI) tool because of the
                     semantic gap. Recent advance shows that the
                     semantic-gap can be largely narrowed by reusing the
                     executed code from a trusted OS kernel. However, the
                     limitation for such an approach is that it only reuses
                     the exercised code through a training process, which
                     suffers the code coverage issues. Thus, in this
                     article, we present Vmst, a new technique that can
                     seamlessly bridge the semantic gap and automatically
                     generate the VMI tools. The key idea is that, through
                     system wide instruction monitoring, Vmst automatically
                     identifies the introspection related data from a
                     secure-VM and online redirects these data accesses to
                     the kernel memory of a product-VM, without any
                     training. Vmst offers a number of new features and
                     capabilities. Particularly, it enables an in-VM
                     inspection program (e.g., ps) to automatically become
                     an out-of-VM introspection program. We have tested Vmst
                     with over 25 commonly used utilities on top of a number
                     of different OS kernels including Linux and Microsoft
                     Windows. The experimental results show that our
                     technique is general (largely OS-independent), and it
                     introduces 9.3X overhead for Linux utilities and 19.6X
                     overhead for Windows utilities on average for the
                     introspected program compared to the native in-VM
                     execution without data redirection.},
  acknowledgement = ack-nhfb,
  articleno       = {7},
  fjournal        = {ACM Transactions on Information and System Security},
  journal-url     = {http://portal.acm.org/browse_dl.cfm?idx=J789},
}

Related entries