Title :
Lares: An Architecture for Secure Active Monitoring Using Virtualization
Author :
Payne, Bryan D. ; Carbone, Martim ; Sharif, Monirul ; Lee, Wenke
Author_Institution :
Sch. of Comput. Sci., Georgia Inst. of Technol., Atlanta, GA
Abstract :
Host-based security tools such as anti-virus and intrusion detection systems are not adequately protected on today's computers. Malware is often designed to disable any security tools immediately upon installation, rendering them useless. While current research has focused on moving these vulnerable security tools into an isolated virtual machine, this approach cripples the tools by preventing them from doing active monitoring. This paper describes an architecture that takes a hybrid approach, giving security tools the ability to do active monitoring while still benefiting from the increased security of an isolated virtual machine. We discuss the architecture and a prototype implementation that can process hooks from a virtual machine running Windows XP on Xen. We conclude with a security analysis and show the cost of a single hook to be 28 microseconds in the best case.
Keywords :
invasive software; system monitoring; virtual machines; Lares secure active monitoring architecture; host-based security tool; malware; security analysis; virtual machine; Computer architecture; Computer security; Computerized monitoring; Condition monitoring; Intrusion detection; Performance analysis; Protection; Virtual machine monitors; Virtual machining; Virtual prototyping; active monitoring; introspection; virtualization;
Conference_Titel :
2008 IEEE Symposium on Security and Privacy (SP 2008)
Conference_Location :
Oakland, CA
Print_ISBN :
978-0-7695-3168-7