Presentation is loading. Please wait.

Presentation is loading. Please wait.

Motivation 2 Static Acquisition Live Acquisition Static AcquisitionLive Acquisition In-Disk Evidence In-Memory Evidence 24/7 Availability Servers.

Published byPiers Golden Modified over 9 years ago

Similar presentations

Presentation on theme: "Motivation 2 Static Acquisition Live Acquisition Static AcquisitionLive Acquisition In-Disk Evidence In-Memory Evidence 24/7 Availability Servers."— Presentation transcript:

1

2 Motivation 2 Static Acquisition Live Acquisition Static AcquisitionLive Acquisition In-Disk Evidence In-Memory Evidence 24/7 Availability Servers

3 Problem - Live Acquisition 3 Live Acquisition Target System requiring in VM Already Low Result Accuracy Virtualization Introspection In-OS Introspection

4 Late Virtualization 4

5 5 Hardware OS Kernel User App Vis Hypervisor Virtual Machine Event Handler Vis Driver Event

6 Virtual Snapshot 6 Dump! Time Finish! Guest Virtual Pages Unmodified Modified Acquisition Duration (>10 Seconds) Guest Physical Pages Machine Physical Pages Legend

7 Virtual Snapshot 7 Dump! Time Finish! Guest Virtual Pages Unmodified Modified Acquisition Duration (>10 Seconds) Guest Physical Pages Machine Physical Pages Legend

8 Virtual Snapshot 8 Dump! Time Finish! Guest Virtual Pages Unmodified Modified Acquisition Duration (>10 Seconds) Guest Physical Pages Machine Physical Pages Legend Dumping

9 Implementation Based on Techniques: – Intel® VT-x – EPT for Nested Paging Vis Prototype – Support Windows 7 i386 (Uniprocessor) – Tailored from NewBluePill (Hypervisor based virus) 9

10 Effectiveness Evaluation 10

11 Performance Evaluation 11 Normalized Performance Benchmarks

12 Performance Evaluation 12 Normalized Performance

13 Discussions Trustworthy hypervisor – Hypervisor code can be attested before being loaded via Trusted Platform Module (TPM) (Martignoni et al, RAID’10) No nested virtualization – The Turtles Project (Muli et al, OSDI’10) – For future work A little invasion is acceptable – Locard’s exchange principle (Chisum, Journal of Behavioral Profiling, January 2000) 13

14 Summary Vis achieved: – Virtualization for native system – Accurate acquisition 14 Vis Virtualization for Native System Accurate Acquisition

15

16 Backup 16

Download ppt "Motivation 2 Static Acquisition Live Acquisition Static AcquisitionLive Acquisition In-Disk Evidence In-Memory Evidence 24/7 Availability Servers."

Similar presentations

Unmodified Device Driver Reuse and Improved System Dependability via Virtual Machines J. LeVasseur V. Uhlig J. Stoess S. G¨otz University of Karlsruhe,

Unmodified Device Driver Reuse and Improved System Dependability via Virtual Machines J. LeVasseur V. Uhlig J. Stoess S. G¨otz University of Karlsruhe,
Virtualization Dr. Michael L. Collard

Virtualization Dr. Michael L. Collard
Secure In-VM Monitoring Using Hardware Virtualization Monirul Sharif, Wenke Lee, Weidong Cui, and Andrea Lanzi Presented by Tyler Bletsch.

Secure In-VM Monitoring Using Hardware Virtualization Monirul Sharif, Wenke Lee, Weidong Cui, and Andrea Lanzi Presented by Tyler Bletsch.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
XEN AND THE ART OF VIRTUALIZATION Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, lan Pratt, Andrew Warfield.

XEN AND THE ART OF VIRTUALIZATION Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, lan Pratt, Andrew Warfield.
Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,

Bart Miller. Outline Definition and goals Paravirtualization System Architecture The Virtual Machine Interface Memory Management CPU Device I/O Network,
Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,

Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,
Microkernels: Mach and L4

Microkernels: Mach and L4
Virtualization and the Cloud

Virtualization and the Cloud
A. Frank - P. Weisberg Operating Systems Structure of Operating Systems.

A. Frank - P. Weisberg Operating Systems Structure of Operating Systems.
Jiang Wang, Joint work with Angelos Stavrou and Anup Ghosh CSIS, George Mason University HyperCheck: a Hardware Assisted Integrity Monitor.

Jiang Wang, Joint work with Angelos Stavrou and Anup Ghosh CSIS, George Mason University HyperCheck: a Hardware Assisted Integrity Monitor.
Virtual Machines. Virtualization Virtualization deals with “extending or replacing an existing interface so as to mimic the behavior of another system”

Virtual Machines. Virtualization Virtualization deals with “extending or replacing an existing interface so as to mimic the behavior of another system”
Virtualization for Cloud Computing

Virtualization for Cloud Computing
LINUX Virtualization Running other code under LINUX.

LINUX Virtualization Running other code under LINUX.
Xen and the Art of Virtualization Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, Andrew Warfield.

Xen and the Art of Virtualization Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, Andrew Warfield.
Windows 7 Windows Server 2008 R2 VirtualizationVirtualization Heterogeneous Server Environment Inventory Linux, Unix & VMware Windows 7 & Server 2008.

Windows 7 Windows Server 2008 R2 VirtualizationVirtualization Heterogeneous Server Environment Inventory Linux, Unix & VMware Windows 7 & Server 2008.
E Virtual Machines Lecture 4 Device Virtualization

E Virtual Machines Lecture 4 Device Virtualization
Virtualization-optimized architectures

Virtualization-optimized architectures
Tanenbaum 8.3 See references

Tanenbaum 8.3 See references
Zen and the Art of Virtualization Paul Barham, et al. University of Cambridge, Microsoft Research Cambridge Published by ACM SOSP’03 Presented by Tina.

Zen and the Art of Virtualization Paul Barham, et al. University of Cambridge, Microsoft Research Cambridge Published by ACM SOSP’03 Presented by Tina.

Similar presentations

Ads by Google