A universal semantic bridge for virtual machine introspection

Christian Schneider, Jonas Pfoh, Claudia Eckert

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Scopus citations

Abstract

All systems that utilize virtual machine introspection (VMI) need to overcome the disconnect between the low-level state that the hypervisor sees and its semantics within the guest. This problem has become well-known as the semantic gap. In this work, we introduce our tool, InSight, that establishes a semantic connection between the guest and the hypervisor independent of the application at hand. InSight goes above and beyond previous approaches in that it strives to expose all kernel objects to an application with as little human effort as possible. It features a shell interface for interactive inspection as well as a scripting engine for comfortable and safe development of new VMI-based methods. Due to this flexibility, InSight supports a wide variety of VMI applications, such as intrusion detection, forensic analysis, malware analysis, and kernel debugging.

Original language: English
Title of host publication: Information Systems Security - 7th International Conference, ICISS 2011, Proceedings
Pages: 370-373
Number of pages: 4
State: Published - 2011
Event: 7th International Conference on Information Systems Security, ICISS 2011 - Kolkata, India
Duration: 15 Dec 2011 → 19 Dec 2011

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7093 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 7th International Conference on Information Systems Security, ICISS 2011
Country/Territory: India
City: Kolkata
Period: 15/12/11 → 19/12/11
