J4, 2012, Vol. 39, Issue (6): 181-186. doi: 10.3969/j.issn.1001-2400.2012.06.030

• Original Articles •

Secure virtualization-based fine-grained process execution monitoring

LIU Zheyuan; MU Dejun

  1. (Control and Network Inst., Northwestern Polytechnical Univ., Xi'an 710072, China)
  • Received: 2012-03-09 Online: 2012-12-20 Published: 2013-01-17
  • Contact: LIU Zheyuan E-mail: liuzheyuan@mail.nwpu.edu.cn

Abstract:

Computer malware has forced a shift from traditional in-host security tools to VMM-based solutions, which isolate the anti-malware software from the untrusted system. However, the inherent semantic gap poses a great challenge to supporting existing monitoring tools. In this paper, we present a process transferring method for fine-grained process execution monitoring that addresses both the isolation and the compatibility problems. In addition, by redirecting the system calls invoked by the suspect process, we guarantee the execution flow of the transferred process. Evaluation results show that the method is effective and feasible, with only a tiny influence on the system.

Key words: process monitoring, semantic gap, virtual machine introspection