In this paper, we address the problem of system monitoring and faults detection using classification-based approach. The main is to follow online evolutions which can occur on the diagnosed system in the course of time. In data classification, the functioning modes are represented with a set of similar patterns called classes. These classes change their intrinsic characteristics and they are likely...
System call interposition is a powerful method for regulating and monitoring program behavior. A wide variety of security tools have been developed which use this technique. However, traditional system call interposition techniques are vulnerable to kernel attacks and have some limitations on effectiveness and transparency. In this paper, we propose a novel approach named VSyscall, which leverages...
A cloud computing provider can dynamically allocate virtual machines (VM) based on the needs of the customers, while maintaining the privileged access to the Management Virtual Machine that directly manages the hardware and supports the guest VMs. The customers must trust the cloud providers to protect the confidentiality and integrity of their applications and data. However, as the VMs from different...
Modern computing systems are instrumented to generate huge amounts of system logs, and these data can be utilized for understanding complex system behaviors. One fundamental challenge in automated log analysis is the generation of system events from raw textual logs. Recent works apply clustering techniques to translate the raw log messages into system events using only the word/term information...
Smartphones are steadily gaining popularity, creating new application areas as their capabilities increase in terms of computational power, sensors and communication. Emerging new features of mobile devices give opportunity to new threats. Android is one of the newer operating systems targeting smartphones. While being based on a Linux kernel, Android has unique properties and specific limitations...
Monitoring virtual machines (VMs) is an essential function for virtualized platforms. Existing solutions are either coarse-grained, monitoring only at the granularity of the VM level, or not general, supporting only specific monitoring functions for a particular guest operating system (OS). Thus they do not satisfy the monitoring requirements of large-scale server clusters such as data centers and public cloud platforms,...
The recent increase in complexity and functionality in embedded systems makes them more vulnerable to rootkit-type attacks, raising the need for integrity management systems. However, as of today there is no such system that can guarantee the system's safety while matching the low-resource, real-time and multi-core requirements of embedded systems. In this paper, we present a Virtual Machine Monitor...
Execution tracing is one of the key techniques for analyzing and validating the operation of embedded products. After reviewing several approaches to the runtime behavior analysis of embedded systems, we present the experience gained in developing a range of high-bandwidth communications devices combining multiple wireless and wired link technologies. In particular, all case studies are based on...
With the development of virtualization technology, file protection in virtual machines, especially in the guest OS, becomes more and more important. Traditional host-based file protection systems place their critical modules inside the monitored system, where they are easily discovered and destroyed by malware. Moreover, in order to protect multiple operating systems running on the same platform, it is necessary to...
Boot-CDs are a flexible and powerful method to assist in the whole forensic process from live examination to acquisition, searching and recovery. Linux was ever since the most popular OS for this purpose, but in some cases Windows-based live-CDs are also useful. In this workshop we present different real-life case scenarios and the corresponding live-boot-solution. Since kernel 2.6 Linux is able to...
Current commodity operating systems allow a privileged user to run some programs in kernel mode by installing a kernel module or a device driver, but there isn't an available method to verify the reliability of these programs. As a result, malware leverages this path to corrupt system services, defeat anti-malware and even gain control of the whole system. It makes operating-system-based security...
When constructing a virtual machine monitor (VMM), there are two different trends. The first is to make the VMM self-contained, while the second is to make the VMM part of the host operating system. The former is preferred by independent virtualization providers (IVPs) or BIOS manufacturers, and the latter is advocated by OS vendors. In this article, after analyzing the implementation...
Targetless logic emulation refers to a verification system in which there are no external hardware targets interfacing with the emulator. In such systems, input stimuli to the DUT come either from a user-provided vector file or from an HDL testbench running on a software simulator, while the DUT runs on a hardware-based logic emulator. Many users use such a targetless environment for automated long-running verification...
This paper describes the design and implementation of the dependable operating system architecture on the IA-32 architecture. The dependable operating system architecture is composed of Linux and the system monitoring and control system (SMCS), and SMCS executes the monitoring and control services to watch the status of Linux and automatically rejuvenates it when necessary and appropriate in order...
This paper introduced a monitoring architecture that is highly scalable and suitable for practical use in distributed environments. We also introduced two applications as illustrative embodiments of our concept and monitoring system. For better scalability and practicality, we are planning further developments on both monitoring system itself and applications.
Virtual machine (VM) based logging-and-replay technology has attracted much attention for system security, fault tolerance, and debugging. However, so far there is not a replay system designed on virtual machine monitor Xen. In this paper, XenLR presents the design and implementation of a logging tool for full system replay on Xen. To reduce the design complexity, XenLR is achieved on a lightweight...
Based on an analysis of the hostile behavior and working principles of malicious software and its actions, this paper designs a kernel-driver-based real-time inspection framework and solution for malicious software and actions. The system applies shared memory, the Windows message mechanism, I/O driver technology and other techniques, and implements information synchronization and data communications in...
Kernel objects, which consist of critical kernel data structures and system call functions, are the most important data in a system and should be protected as first-class candidates. In this paper, a lightweight system-level detection and recovery infrastructure is presented for embedded systems. Inside the infrastructure, specific runtime protections have been implemented for different kernel objects,...
Malicious code comes in many types, and its ability to hide is increasing quickly. In this paper, based on an analysis of the hiding techniques used by malicious programs, a new idea for detecting malware from raw data is proposed. Finally, the results are given and compared with current security detection scanners. This method is a beneficial attempt at detecting...
VMM (virtual machine monitor) introspection makes it possible to design a dynamic protection system for a virtualized guest OS. TDE (trusted domain enforcement) is an extension of TE (type enforcement) for dynamic access control and sandboxing. The VMM provides strong isolation, which can enhance TDE in the guest domain. In this paper we propose an enhancement of trusted domain enforcement for the guest domain using...