Affiliation:
1. University of Texas at Dallas, Richardson, TX, USA
Abstract
When designing computer monitoring systems, one goal has always been to have a complete view of the monitored target and at the same time stealthily protect the monitor itself. One way to achieve this is to use hypervisor-based, or more generally out of virtual machine (VM)-based, monitoring. There are, however, challenges that limit the use of this mechanism; the most significant of these is the semantic gap problem. Over the past decade, a considerable amount of research has been carried out to bridge the semantic gap and develop all kinds of out-of-VM monitoring techniques and applications. By tracing the evolution of out-of-VM security solutions, this article examines and classifies different approaches that have been proposed to overcome the semantic gap—the fundamental challenge in hypervisor-based monitoring—and how they have been used to develop various security applications. In particular, we review how the past approaches address different constraints, such as practicality, flexibility, coverage, and automation, while bridging the semantic gap; how they have developed different monitoring systems; and how the monitoring systems have been applied and deployed. In addition to systematizing all of the proposed techniques, we also discuss the remaining research problems and shed light on the future directions of hypervisor-based monitoring.
Publisher
Association for Computing Machinery (ACM)
Subject
General Computer Science,Theoretical Computer Science
Cited by
61 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献