Title :
Undetectable Monitoring in a Fully-Virtualized Environment - A Continuation of the HAL Keystroke Logger
Author :
Kranch, M. ; Ragsdale, R.
Author_Institution :
Dept. of Electr. Eng. & Comput. Sci., United States Mil. Acad., West Point, NY
Abstract :
Virtualization is an ever-expanding research field and, as many predict, the way of the future for large-scale business and server solutions. Although it was originally designed as a method of centralizing physical resources and maintenance, recent research has developed methods of also using virtualization to centralize machine monitoring. Recently, there have been substantial advances in centralized monitoring in a virtualized environment [1]. Specifically, researchers at Georgia Tech have developed XenAccess, a system for monitoring memory in a paravirtualized environment [2]. This paper highlights the differences between two popular virtualization methods, paravirtualization and full-system virtualization. A comparison of the techniques used by XenAccess with those implemented in our undetectable Hardware Abstraction Layer (HAL) Keystroke Logger is then presented, before expanding the original HAL template and finally discussing in detail methods to monitor disk access and memory management.
Keywords :
monitoring; operating systems (computers); storage management; system monitoring; virtual machines; HAL keystroke logger; XenAccess; centralizing machine monitoring; disk access; fully-virtualized environment; hardware abstraction layer; memory management; Application software; Computerized monitoring; Condition monitoring; Hardware; Memory management; Open source software; Operating systems; Platform virtualization; Virtual machine monitors; Virtual machining;
Conference_Title :
System Sciences, 2009. HICSS '09. 42nd Hawaii International Conference on
Conference_Location :
Big Island, HI
Print_ISBN :
978-0-7695-3450-3
DOI :
10.1109/HICSS.2009.483