TY - GEN
T1 - A universal semantic bridge for virtual machine introspection
AU - Schneider, Christian
AU - Pfoh, Jonas
AU - Eckert, Claudia
PY - 2011
Y1 - 2011
AB - All systems that utilize virtual machine introspection (VMI) need to overcome the disconnect between the low-level state that the hypervisor sees and its semantics within the guest. This problem has become well-known as the semantic gap. In this work, we introduce our tool, InSight, that establishes a semantic connection between the guest and the hypervisor independent of the application at hand. InSight goes above and beyond previous approaches in that it strives to expose all kernel objects to an application with as little human effort as possible. It features a shell interface for interactive inspection as well as a scripting engine for comfortable and safe development of new VMI-based methods. Due to this flexibility, InSight supports a wide variety of VMI applications, such as intrusion detection, forensic analysis, malware analysis, and kernel debugging.
UR - http://www.scopus.com/inward/record.url?scp=81855220945&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-25560-1_25
DO - 10.1007/978-3-642-25560-1_25
M3 - Conference contribution
AN - SCOPUS:81855220945
SN - 9783642255595
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 370
EP - 373
BT - Information Systems Security - 7th International Conference, ICISS 2011, Proceedings
T2 - 7th International Conference on Information Systems Security, ICISS 2011
Y2 - 15 December 2011 through 19 December 2011
ER -