FREE: Fine-grain Replaying Execution by Using Emulation

Chia-Wei Hsu

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Replaying of execution sequence and state transition of a system is very useful for software testing, malware analysis and post-attack recovery. However, existing system logging and replaying techniques have restricted abilities and hence cannot be applied widely. Most of them are unable to perform a general whole-system analysis for the following reasons: 1) It can only replay a single process's running. 2) Modification needs to be done in OS kernel 3) Non-deterministic events such as interrupts and context switches cannot be replayed. 4) An intrusive analysis might influence the replaying result. This paper proposed a general whole-system VM-based logging and replaying mechanism. To record efficiently, our scheme only takes non-deterministic information into account such as most hardware interrupts and non-deterministic data from external I/O devices. Based on the recorded data, the accuracy of the replaying is assured. The state transition of the whole-system can be perfectly replayed; even the execution sequence of all instructions is preserved.
Original languageEnglish
Title of host publication20th Cryptology and Information Security Conference (CISC 2010)
Place of Publication台灣
Publisher中華民國資訊安全學會
Pages60-68
Number of pages9
DOIs
StatePublished - Oct 2010

Fingerprint

Dive into the research topics of 'FREE: Fine-grain Replaying Execution by Using Emulation'. Together they form a unique fingerprint.

Cite this