VMCloak: Toward a stealthy in-VM agent execution

Chiawei Wang, Shiuhpyng Shieh

Research output: Conference contribution, peer-reviewed

Abstract

In-VM agent programs are generally used for the convenience of the VM monitor in malware analysis. To prevent malicious interference, stealthy execution of an in-VM agent is desirable. Existing approaches for stealthy execution of the agent remain detectable if libraries or kernel code of the guest OS are contaminated by malware. Moreover, the lack of applicability to conventional executables limits the agent's functionality. In this paper, VMCloak is proposed for stealthy in-VM agent execution. Our scheme leverages virtualization technology to perform real-time binary instrumentation to conceal the fingerprints of an in-VM agent from potential detection. Both stealthiness and integrity of the agent are guaranteed even when the guest OS is compromised. The evaluation shows that VMCloak can cope with the applicability issues, allowing the in-VM agent to perform the same operations as ordinary executables.

Original language: English
Title of host publication: 2017 IEEE Conference on Dependable and Secure Computing
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 115-122
Number of pages: 8
ISBN (Electronic): 9781509055692
DOIs
Publication status: Published - 18 Oct 2017
Event: 2017 IEEE Conference on Dependable and Secure Computing - Taipei, Taiwan
Duration: 7 Aug 2017 to 10 Aug 2017

Publication series

Name: 2017 IEEE Conference on Dependable and Secure Computing

Conference

Conference: 2017 IEEE Conference on Dependable and Secure Computing
Country/Territory: Taiwan
City: Taipei
Period: 7/08/17 to 10/08/17
