A novel file integrity monitoring method via introspection virtual machine

Year of publication: 1392
Document type: Conference paper
Language: English

The full text of this paper is available as a 9-page PDF file.

Indexing date: 9 Tir 1392

Abstract:

Nowadays, critical systems are being virtualized in the name of, amongst other things, cost savings. The file system becomes the usual target of malicious attacks because it contains a lot of sensitive data, such as executable programs, configuration and authorization information. If unintended changes happen to the related files, they may affect the security of the related computer system. File integrity monitoring is an effective approach to discovering aggressive behavior by detecting modification actions on these sensitive files. Organizations are going to gain confidence in virtualization. Virtual machine introspection describes the method of monitoring and analyzing the state of a virtual machine from the hypervisor level. Virtualization brings benefits to the design of security applications over traditional computing infrastructures and practices. The semantic gap and the cost of context switches between the trusted monitor and the virtual machine being monitored are challenges in security applications based on virtualization. In this paper, we present a model for designing a real-time file integrity monitoring application in a virtual machine-based computing environment, which tries to bridge the semantic gap and reduce context switching. By comparing it with existing methods, we infer that this is a proper model for designing file integrity monitoring applications based on virtualization and that it is feasible in many other security systems based on virtualization.


Masoudeh Keshavarzi

Master’s Degree Student, Department of Computer, Payame Noor University, Tehran, Iran

Mohammad Reza Heidarinezhad

Assistant Professor, Department of Computer, Payame Noor University, Tehran, Iran
