Sciweavers

Share
SP
2008
IEEE

Lares: An Architecture for Secure Active Monitoring Using Virtualization

8 years 9 months ago
Lares: An Architecture for Secure Active Monitoring Using Virtualization
Host-based security tools such as anti-virus and intrusion detection systems are not adequately protected on today’s computers. Malware is often designed to immediately disable any security tools upon installation, rendering them useless. While current research has focused on moving these vulnerable security tools into an isolated virtual machine, this approach cripples security tools by preventing them from doing active monitoring. This paper describes an architecture that takes a hybrid approach, giving security tools the ability to do active monitoring while still benefiting from the increased security of an isolated virtual machine. We discuss the architecture and a prototype implementation that can process hooks from a virtual machine running Windows XP on Xen. We conclude with a security analysis and show the performance of a single hook to be 28 µsecs in the best case.
Bryan D. Payne, Martim Carbone, Monirul I. Sharif,
Added 01 Jun 2010
Updated 01 Jun 2010
Type Conference
Year 2008
Where SP
Authors Bryan D. Payne, Martim Carbone, Monirul I. Sharif, Wenke Lee
Comments (0)
books