Invariant Evaluation through Introspection for Proving Security Properties

BAIARDI, FABRIZIO
2009-01-01

Abstract

Semantics-driven monitoring discovers attacks against a process by evaluating invariants on the process state. To increase the robustness and the transparency of semantics-driven monitoring, this work proposes an approach that introduces two Virtual Machines (VMs) running on the same platform. One VM runs the monitored process, i.e. the process to be protected, while the other evaluates invariants on the process state each time a process invokes a system call. The evaluation of invariants uses an Introspection Library that enables the monitoring VM to access the memory and the processor registers of the monitored VM.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11568/127139