Presentation | 2008-07-24 An enhancement of VMM snapshot utility for detecting code injection Ruo Ando, Youki Kadobayashi, Youichi Shinoda, |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | A VMM (Virtual Machine Monitor) provides finer-grained external observability of a virtual machine than earlier operating systems and debugging tools running inside the operating system. In this paper we propose an enhancement of the VMM snapshot facility for detecting code injection attacks. In a code injection attack, the attacker inserts arbitrary bytes that cause harmful effects and results on the target system. Signature matching is hard to apply to the detection of code injection attacks; instead, behavior-based detection, such as proactive detection, is applied. In the proposed system, a notification routine for the VMM is inserted into the API hook module in the virtualized host OS. This lets us take a snapshot of the attacked (infected) part of memory at the moment the code injection occurs. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | |
Paper # | ISEC2008-34,SITE2008-28 |
Date of Issue |
Conference Information | |
Committee | ISEC |
---|---|
Conference Date | 2008/7/17(1days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Information Security (ISEC) |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | An enhancement of VMM snapshot utility for detecting code injection |
Sub Title (in English) | |
Keyword(1) | |
1st Author's Name | Ruo Ando |
1st Author's Affiliation | National Institute of Information and Communication Technology, Traceable Network Group |
2nd Author's Name | Youki Kadobayashi |
2nd Author's Affiliation | National Institute of Information and Communication Technology, Traceable Network Group |
3rd Author's Name | Youichi Shinoda |
3rd Author's Affiliation | National Institute of Information and Communication Technology, Traceable Network Group |
Date | 2008-07-24 |
Paper # | ISEC2008-34,SITE2008-28 |
Volume (vol) | vol.108 |
Number (no) | 161 |
Page | pp.pp.- |
#Pages | 6 |
Date of Issue |