Article

Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection

Authors:

Brendan Dolan-Gavitt,

Tim Leek,

Michael Zhivich,

Jonathon Giffin,

Wenke LeeAuthors Info & Claims

SP '11: Proceedings of the 2011 IEEE Symposium on Security and Privacy

Pages 297 - 312

https://doi.org/10.1109/SP.2011.11

Published: 22 May 2011 Publication History

Abstract

Introspection has featured prominently in many recent security solutions, such as virtual machine-based intrusion detection, forensic memory analysis, and low-artifact malware analysis. Widespread adoption of these approaches, however, has been hampered by the semantic gap: in order to extract meaningful information about the current state of a virtual machine, detailed knowledge of the guest operating system's inner workings is required. In this paper, we present a novel approach for automatically creating introspection tools for security applications with minimal human effort. By analyzing dynamic traces of small, in-guest programs that compute the desired introspection information, we can produce new programs that retrieve the same information from outside the guest virtual machine. We demonstrate the efficacy of our techniques by automatically generating 17 programs that retrieve security information across 3 different operating systems, and show that their functionality is unaffected by the compromise of the guest system. Our technique allows introspection tools to be effortlessly generated for multiple platforms, and enables the development of rich introspection-based security applications.

Cited By

View all

Lin HQiu JWang HLi ZGong LGao DLiu YQian FZhang ZYang PXu T(2024)Take the Blue Pill: Pursuing Mobile App Testing Fidelity, Efficiency, and Accessibility with Virtual Device FarmsGetMobile: Mobile Computing and Communications10.1145/3665112.366511428:1(5-9)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3665112.3665114
Liu XYou WYe YZhang ZHuang JZhang XRoychoudhury APaiva AAbreu RStorey M(2024)FuzzInMem: Fuzzing Programs via In-memory StructuresProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639172(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639172
Ma BYang YLi JZhang FShen WZhou YMa JMeng WJensen CCremers CKirda E(2023)Travelling the Hypervisor and SSD: A Tag-Based Approach Against Crypto Ransomware with Fine-Grained Data RecoveryProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3616665(341-355)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3616665
Show More Cited By

Recommendations

Efficient VM Introspection in KVM and Performance Comparison with Xen
PRDC '14: Proceedings of the 2014 IEEE 20th Pacific Rim International Symposium on Dependable Computing

Intrusion detection system (IDS) offloading is useful for securely executing IDSes. It runs a target system in a virtual machine (VM) and enables IDSes to monitor the VM from the outside using VM introspection. Although VM introspection is well studied, ...
Virtual Machine Introspection
SIN '14: Proceedings of the 7th International Conference on Security of Information and Networks

Due to exposure to the Internet, virtual machines (VMs) as forms of delivering virtualized infrastructures and resources represent a first point-of-target for security attackers who want to gain access into the virtualization environment. In-VM ...
Performance Analysis of Virtual Machine Introspection Tools in Cloud Environment
ICIA-16: Proceedings of the International Conference on Informatics and Analytics

Virtual Machine (VM) security is one of the biggest issues with a cloud environment. This issue could be solved with the help of Virtual Machine Introspection (VMI) tools. VMI tools monitor the state of Virtual machine running in the cloud environment. ...

Comments

Information & Contributors

Information

Published In

SP '11: Proceedings of the 2011 IEEE Symposium on Security and Privacy

May 2011

527 pages

ISBN:9780769544021

Publisher

IEEE Computer Society

United States

Publication History

Published: 22 May 2011

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

96
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Lin HQiu JWang HLi ZGong LGao DLiu YQian FZhang ZYang PXu T(2024)Take the Blue Pill: Pursuing Mobile App Testing Fidelity, Efficiency, and Accessibility with Virtual Device FarmsGetMobile: Mobile Computing and Communications10.1145/3665112.366511428:1(5-9)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3665112.3665114
Liu XYou WYe YZhang ZHuang JZhang XRoychoudhury APaiva AAbreu RStorey M(2024)FuzzInMem: Fuzzing Programs via In-memory StructuresProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639172(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639172
Ma BYang YLi JZhang FShen WZhou YMa JMeng WJensen CCremers CKirda E(2023)Travelling the Hypervisor and SSD: A Tag-Based Approach Against Crypto Ransomware with Fine-Grained Data RecoveryProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3616665(341-355)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3616665
Dangl TSentanoe SReiser H(2023)VMIFreshComputers and Security10.1016/j.cose.2023.103527135:COnline publication date: 1-Dec-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103527
Ge XKuo HCui WYin HStavrou ACremers CShi E(2022)HecateProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security10.1145/3548606.3560592(1231-1242)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3548606.3560592
Franzen FHoll TAndreas MKirsch JGrossklags J(2022)Katana: Robust, Automated, Binary-Only Forensic Analysis of Linux Memory SnapshotsProceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3545948.3545980(214-231)Online publication date: 26-Oct-2022
https://dl.acm.org/doi/10.1145/3545948.3545980
Oliveri ABalzarotti D(2022)In the Land of MMUs: Multiarchitecture OS-Agnostic Virtual Memory ForensicsACM Transactions on Privacy and Security10.1145/352810225:4(1-32)Online publication date: 9-Jul-2022
https://dl.acm.org/doi/10.1145/3528102
Thalheim JOkelmann PUnnibhavi HGouicem RBhatotia PBromberg YKermarrec AKozyrakis C(2022)VMSHProceedings of the Seventeenth European Conference on Computer Systems10.1145/3492321.3519589(678-696)Online publication date: 28-Mar-2022
https://dl.acm.org/doi/10.1145/3492321.3519589
Pagani FBalzarotti D(2021)AutoProfile: Towards Automated Profile Generation for Memory AnalysisACM Transactions on Privacy and Security10.1145/348547125:1(1-26)Online publication date: 23-Nov-2021
https://dl.acm.org/doi/10.1145/3485471
Jiang MMa LZhou YLiu QZhang CWang ZLuo XWu LRen KKim YKim JVigna GShi E(2021)ECMO: Peripheral Transplantation to Rehost Embedded Linux KernelsProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security10.1145/3460120.3484753(734-748)Online publication date: 12-Nov-2021
https://dl.acm.org/doi/10.1145/3460120.3484753
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

Efficient VM Introspection in KVM and Performance Comparison with Xen

Virtual Machine Introspection

Performance Analysis of Virtual Machine Introspection Tools in Cloud Environment

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations