FREE: Fine-grain Replaying Execution by Using Emulation

Chia-Wei Hsu

Research output: Conference contribution, peer-reviewed

Abstract

Replaying the execution sequence and state transitions of a system is very useful for software testing, malware analysis, and post-attack recovery. However, existing system logging and replaying techniques have restricted abilities and hence cannot be applied widely. Most of them are unable to perform a general whole-system analysis for the following reasons: 1) they can only replay the execution of a single process; 2) they require modifications to the OS kernel; 3) non-deterministic events such as interrupts and context switches cannot be replayed; 4) an intrusive analysis might influence the replay result. This paper proposes a general whole-system VM-based logging and replaying mechanism. To record efficiently, our scheme takes only non-deterministic information into account, such as most hardware interrupts and non-deterministic data from external I/O devices. Based on the recorded data, the accuracy of the replay is assured. The state transitions of the whole system can be perfectly replayed; even the execution sequence of all instructions is preserved.
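Original language: English
Title of host publication: 20th Cryptology and Information Security Conference (CISC 2010)
Place of publication: Taiwan
Publisher: Chinese Cryptology and Information Security Association (中華民國資訊安全學會)
Pages: 60-68
Number of pages: 9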
Publication status: Published - Oct 2010
