Title :
Endpoint Configuration Compliance Monitoring via Virtual Machine Introspection
Author :
Kienzle, Darrell ; Persaud, Ryan ; Elder, Matthew
Author_Institution :
Symantec Corp., Mountain View, CA, USA
Abstract :
We describe a system for externally monitoring endpoint configuration compliance of an end user system that provides a high assurance monitoring function and data. Typical approaches to monitoring for endpoint configuration compliance rely on the integrity of the endpoint´s operating system and do not protect the monitoring function from subversion or spoofing by threats from within the monitored system. Our approach utilizes (1) a virtual machine architecture on the endpoint system to protect the monitoring function and (2) virtual machine introspection of the end user´s environment. In this paper we describe our approach to external monitoring of endpoint configuration compliance, present the technical details of our monitoring system, provide a description of some experimentation and observations, and discuss some of the issues associated with external monitoring.
Keywords :
configuration management; operating systems (computers); user interfaces; virtual machines; end user system; endpoint configuration compliance monitoring; high assurance monitoring data; high assurance monitoring function; virtual machine introspection; Application software; Computer architecture; Condition monitoring; Hardware; Information security; Operating systems; Platform virtualization; Protection; Virtual machine monitors; Virtual machining;
Conference_Titel :
System Sciences (HICSS), 2010 43rd Hawaii International Conference on
Conference_Location :
Honolulu, HI
Print_ISBN :
978-1-4244-5509-6
Electronic_ISBN :
1530-1605
DOI :
10.1109/HICSS.2010.182
