Motivation: static acquisition vs. live acquisition (in-disk evidence vs. in-memory evidence; 24/7-availability servers)

Presentation transcript:

Slide 2: Motivation. Static acquisition vs. live acquisition: in-disk evidence vs. in-memory evidence; servers that must stay available 24/7.

Slide 3: Problem, Live Acquisition. Live acquisition of a target system: virtualization introspection requires the target to already be running in a VM; in-OS introspection yields low result accuracy.

Slide 4: Late Virtualization.

Slide 5: Architecture figure (labels: Hardware, OS Kernel, User App, Vis Hypervisor, Virtual Machine, Event Handler, Vis Driver, Event).

Slides 6 to 8: Virtual Snapshot (three-step animation figure). Labels: "Dump!" at the start and "Finish!" at the end of the acquisition duration (>10 seconds); guest virtual pages, guest physical pages, machine physical pages. Legend: unmodified, modified, dumping.

Slide 9: Implementation.
Based on techniques:
– Intel VT-x
– EPT for nested paging
Vis prototype:
– Supports Windows 7 i386 (uniprocessor)
– Tailored from NewBluePill (hypervisor-based virus)
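As an added illustration (not code from the Vis prototype or from the slides), the following Python model shows why the virtual snapshot of slides 6 to 8 stays consistent even though the acquisition runs for more than ten seconds while the guest keeps modifying pages. It assumes that at "Dump!" the hypervisor write-protects every guest-physical frame through the EPT and saves a frame's contents on the first guest write to it (copy-on-write); the slides imply this but do not spell it out, and the frame contents and write schedule are constructed.

```python
# Added model of Vis-style virtual snapshot consistency; not the Vis prototype's code.
# Assumption (slides 6-8 show modified vs. unmodified pages during the >10 s acquisition
# but not the mechanism): at "Dump!" every guest-physical frame is write-protected in
# the EPT, and each resulting write fault saves the pre-write page (copy-on-write).

class VirtualSnapshot:
    def __init__(self, frames):
        self.mem = frames        # guest-physical frame number -> bytearray
        self.protected = set()   # frames whose writes trap to the hypervisor
        self.preserved = {}      # frame -> contents as they were at "Dump!"
    def start_dump(self):
        """'Dump!': freeze the logical image by trapping every guest write."""
        self.protected = set(range(len(self.mem)))
        self.preserved = {}
    def guest_write(self, gpfn, offset, value):
        """A guest store; a protected frame takes an EPT violation first."""
        if gpfn in self.protected:
            self.preserved[gpfn] = bytes(self.mem[gpfn])  # save pre-write page
            self.protected.discard(gpfn)                  # trap each frame once
        self.mem[gpfn][offset] = value
    def dump_page(self, gpfn):
        """Acquire one frame as it was at "Dump!", not as it is now."""
        page = self.preserved.pop(gpfn, bytes(self.mem[gpfn]))
        self.protected.discard(gpfn)  # acquired: later writes no longer matter
        return page

def acquire(snapshot, writes, freeze=True):
    """Dump frames in order; writes[n] land just before frame n is read.
    freeze=False models a dump with no write interception at all."""
    if freeze:
        snapshot.start_dump()
    image = []
    for gpfn in range(len(snapshot.mem)):
        for store in writes.get(gpfn, []):
            snapshot.guest_write(*store)
        image.append(snapshot.dump_page(gpfn))
    return b"".join(image)

# Constructed memory and write schedule: the guest dirties frame 2 while frame 0 is
# read, then dirties frames 0 and 1 while frame 1 is read.
AT_DUMP_TIME = b"AAAABBBBCCCC"
WRITES = {0: [(2, 0, ord("x"))], 1: [(0, 1, ord("y")), (1, 2, ord("z"))]}

def fresh_frames():
    return [bytearray(b"AAAA"), bytearray(b"BBBB"), bytearray(b"CCCC")]

def demo():
    """Return (snapshot image, torn image) for the same write schedule."""
    consistent = acquire(VirtualSnapshot(fresh_frames()), WRITES)
    torn = acquire(VirtualSnapshot(fresh_frames()), WRITES, freeze=False)
    return consistent, torn
```

With interception the image equals the guest state at "Dump!"; without it the image mixes pages from different instants and matches no state the guest ever had.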

Slide 10: Effectiveness Evaluation (figure).

Slides 11 and 12: Performance Evaluation (figures: normalized performance across benchmarks).

Slide 13: Discussions.
Trustworthy hypervisor:
– Hypervisor code can be attested before being loaded via the Trusted Platform Module (TPM) (Martignoni et al., RAID'10)
No nested virtualization:
– The Turtles Project (Muli et al., OSDI'10)
– For future work
A little invasion is acceptable:
– Locard's exchange principle (Chisum, Journal of Behavioral Profiling, January 2000)

Slide 14: Summary. Vis achieved:
– Virtualization for a native system
– Accurate acquisition

Slide 16: Backup.