Verfügbarkeit: Full virtual machine state reconstruction for security applications

Full virtual machine state reconstruction for security applications:

Gespeichert in:

Bibliographische Detailangaben
Beteilige Person:	Schneider, Christian A. (VerfasserIn)
Format:	Hochschulschrift/Dissertation Buch
Sprache:	Englisch
Veröffentlicht:	2013
Schlagwörter:	Virtuelle Maschine Computersicherheit Hochschulschrift
Links:	http://mediatum.ub.tum.de/node?id=1142206 https://nbn-resolving.org/urn:nbn:de:bvb:91-diss-20131029-1142206-0-0 http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=026885918&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
Umfang:	XV, 153 S. graph. Darst.

Internformat

MARC


LEADER	00000nam a2200000 c 4500
001	BV041439115
003	DE-604
005	20140211
007	t\|
008	131122s2013 xx d\|\|\| m\|\|\| 00\|\|\| eng d
035			\|a (OCoLC)864627722
035			\|a (DE-599)BVBBV041439115
040			\|a DE-604 \|b ger \|e rakwb
041	0		\|a eng
049			\|a DE-384 \|a DE-473 \|a DE-703 \|a DE-1051 \|a DE-824 \|a DE-29 \|a DE-12 \|a DE-91 \|a DE-19 \|a DE-1049 \|a DE-92 \|a DE-739 \|a DE-898 \|a DE-355 \|a DE-706 \|a DE-20 \|a DE-1102 \|a DE-91G
082	0		\|a 004
084			\|a DAT 460d \|2 stub
100	1		\|a Schneider, Christian A. \|e Verfasser \|4 aut
245	1	0	\|a Full virtual machine state reconstruction for security applications \|c Christian A. Schneider
264		1	\|c 2013
300			\|a XV, 153 S. \|b graph. Darst.
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
502			\|a München, Techn. Univ., Diss., 2013
650	0	7	\|a Virtuelle Maschine \|0 (DE-588)4188396-2 \|2 gnd \|9 rswk-swf
650	0	7	\|a Computersicherheit \|0 (DE-588)4274324-2 \|2 gnd \|9 rswk-swf
655		7	\|0 (DE-588)4113937-9 \|a Hochschulschrift \|2 gnd-content
689	0	0	\|a Virtuelle Maschine \|0 (DE-588)4188396-2 \|D s
689	0	1	\|a Computersicherheit \|0 (DE-588)4274324-2 \|D s
689	0		\|5 DE-604
776	0	8	\|i Erscheint auch als \|n Online-Ausgabe \|o urn:nbn:de:bvb:91-diss-20131029-1142206-0-0
856	4	1	\|u http://mediatum.ub.tum.de/node?id=1142206 \|x Verlag \|z kostenfrei \|3 Volltext
856	4		\|u https://nbn-resolving.org/urn:nbn:de:bvb:91-diss-20131029-1142206-0-0 \|x Resolving-System
856	4	2	\|m DNB Datenaustausch \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=026885918&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
912			\|a ebook
943	1		\|a oai:aleph.bib-bvb.de:BVB01-026885918

Datensatz im Suchindex

DE-BY-TUM_call_number	0001 DM 31573 0109 DM 31573
DE-BY-TUM_katkey	1967519
DE-BY-TUM_location	Mag 01
DE-BY-TUM_media_number	TEMP3225898 040010170015
_version_	1821933583397289984
adam_text	CONTENTS 1 INTRODUCTION 1 1.1 MOTIVATION 1 1.2 PROBLEM STATEMENT 3 1.3 CONTRIBUTION 4 1.4 LIST OF PUBLICATIONS 6 1.5 THESIS OUTLINE 8 2 FOUNDATIONS 9 2.1 SYSTEM VIRTUALIZATION 9 2.1.1 CPU VIRTUALIZATION 10 2.1.2 MEMORY VIRTUALIZATION 12 2.1.3 INPUT/OUTPUT VIRTUALIZATION 13 2.2 VIRTUAL MACHINE INTROSPECTION 13 2.2.1 VMI FOR SECURITY APPLICATIONS 14 2.2.2 LIMITATIONS 14 2.3 THE SEMANTIC GAP 15 2.4 KERNEL-LEVEL ATTACKS 17 2.4.1 DATA-BASED ATTACKS 17 2.4.2 CODE-BASED ATTACKS 20 2.5 ROOTKITS 20 2.5.1 ROOTKIT TAXONOMY 21 2.5.2 ROOTKITS VS. KERNEL-LEVEL ATTACKS 22 2.6 SUMMARY 22 3 MODELING VMI APPROACHES 23 3.1 VMI CHALLENGES 23 3.2 VMI MODEL 24 3.2.1 STATES. VIEWS, AND CLASSES 25 3.2.2 VIEW GENERATION. AGGREGATION, AND CLASSIFICATION 26 VII HTTP://D-NB.INFO/1044909692 CONTENTS 3.2.3 PURPOSE 29 3.3 VIEW GENERATION PATTERNS 29 3.3.1 PROPERTIES 30 3.3.2 OUT-OF-BAND DELIVERY 32 3.3.3 IN-BAND DELIVERY 33 3.3.4 DERIVATION 35 3.3.5 COMBINATION OF PATTERNS 36 3.4 SUMMARY 38 4 RELATED WORK 39 4.1 DELIVERY-BASED APPROACHES 40 4.1.1 APPROACHES USING RESTRICTED SEMANTIC VIEW GENERATION 41 4.1.2 APPROACHES USING KERNEL OBJECT MAPPING 44 4.2 DERIVATIVE APPROACHES 45 4.3 SUMMARY 46 5 VIEW GENERATION WITH FULL STATE APPLICABILITY 49 5.1 INTERPRETATION OF STATE INFORMATION 50 5.1.1 CPU STATE 50 5.1.2 DEVICE STATE 50 5.1.3 DISK STORAGE 51 5.1.4 PHYSICAL MEMORY 51 5.2 CHALLENGES OF KERNEL OBJECT EXTRACTION 52 5.2.1 MEMORY LAYOUT AND ADDRESS TRANSLATION 52 5.2.2 TYPE INFORMATION 54 5.2.3 DYNAMIC POINTER AND TYPE MANIPULATIONS 55 5.2.4 RUNTIME DEPENDENCIES 61 5.3 SUMMARY 64 6 TOWARDS FULL STATE APPLICABILITY 67 6.1 OVERVIEW OF INSIGHT 68 6.1.1 SUPPORTED GUESTS 69 6.1.2 SUPPORTED HYPERVISORS 69 6.1.3 MODES OF OPERATION 69 6.1.4 INTERFACES 70 6.1.5 AVAILABILITY 70 6.2 DESIGN AND IMPLEMENTATION 71 6.2.1 TYPE INFORMATION 71 6.2.2 MEMORY ACCESS 74 6.2.3 READING KERNEL OBJECTS 79 6.2.4 COMMAND LINE INTERFACE 82 6.2.5 SCRIPTING ENGINE 83 VIII CONTENTS 6.3 APPLICATION 84 6.3.1 PERIODIC ANALYSIS 85 6.3.2 EVENT-DRIVEN ANALYSIS 85 6.4 SUMMARY 87 7 EXTRACTING SEMANTIC KNOWLEDGE THROUGH STATIC CODE ANALYSIS 89 7.1 STATIC CODE ANALYSIS 91 7.1.1 USED-AS VS. POINTS-TO ANALYSIS 91 7.1.2 NOTATION AND SYMBOLS 93 7.1.3 STEP 1: POINTS-TO ANALYSIS 94 7.1.4 STEP 2: ESTABLISHING USED-AS RELATIONS 98 7.2 IMPLEMENTATION * 100 7.2.1 SOURCE CODE LEVEL ANALYSIS 101 7.2.2 APPLYING USED-AS RELATIONS 101 7.3 TYPE RULE ENGINE 104 7.3.1 EXPRESSION RULES 105 7.3.2 SCRIPT RULES 107 7.3.3 OPERATING SYSTEM FILTERS 110 7.4 APPLICATION ILL 7.5 RELATED WORK ILL 7.6 SUMMARY 113 8 EVALUATION 115 8.1 KERNEL OBJECT COVERAGE AND ACCURACY 115 8.1.1 VALIDATING KERNEL OBJECTS 116 8.1.2 TEST ENVIRONMENT 118 8.1.3 EXPERIMENTS 118 8.1.4 RESULTS 119 8.1.5 DISCUSSION 126 8.1.6 COMPARISON TO KOP 128 8.2 DETECTING SYSTEM-LEVEL ATTACKS 129 8.2.1 TEST ENVIRONMENT 129 8.2.2 EXPERIMENTS 129 8.2.3 RESULTS 131 8.3 SUMMARY 132 9 CONCLUSION AND FUTURE WORK 133 9.1 CONTRIBUTIONS 134 9.2 FUTURE RESEARCH DIRECTIONS 136 BIBLIOGRAPHY 153
any_adam_object	1
author	Schneider, Christian A.
author_facet	Schneider, Christian A.
author_role	aut
author_sort	Schneider, Christian A.
author_variant	c a s ca cas
building	Verbundindex
bvnumber	BV041439115
classification_tum	DAT 460d
collection	ebook
ctrlnum	(OCoLC)864627722 (DE-599)BVBBV041439115
dewey-full	004
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	004 - Computer science
dewey-raw	004
dewey-search	004
dewey-sort	14
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
format	Thesis Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01818nam a2200409 c 4500</leader><controlfield tag="001">BV041439115</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20140211 </controlfield><controlfield tag="007">t\|</controlfield><controlfield tag="008">131122s2013 xx d\|\|\| m\|\|\| 00\|\|\| eng d</controlfield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)864627722</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV041439115</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">rakwb</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-384</subfield><subfield code="a">DE-473</subfield><subfield code="a">DE-703</subfield><subfield code="a">DE-1051</subfield><subfield code="a">DE-824</subfield><subfield code="a">DE-29</subfield><subfield code="a">DE-12</subfield><subfield code="a">DE-91</subfield><subfield code="a">DE-19</subfield><subfield code="a">DE-1049</subfield><subfield code="a">DE-92</subfield><subfield code="a">DE-739</subfield><subfield code="a">DE-898</subfield><subfield code="a">DE-355</subfield><subfield code="a">DE-706</subfield><subfield code="a">DE-20</subfield><subfield code="a">DE-1102</subfield><subfield code="a">DE-91G</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">004</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">DAT 460d</subfield><subfield code="2">stub</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Schneider, Christian A.</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Full virtual machine state reconstruction for security applications</subfield><subfield code="c">Christian A. Schneider</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="c">2013</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XV, 153 S.</subfield><subfield code="b">graph. Darst.</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="502" ind1=" " ind2=" "><subfield code="a">München, Techn. Univ., Diss., 2013</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Virtuelle Maschine</subfield><subfield code="0">(DE-588)4188396-2</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="655" ind1=" " ind2="7"><subfield code="0">(DE-588)4113937-9</subfield><subfield code="a">Hochschulschrift</subfield><subfield code="2">gnd-content</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Virtuelle Maschine</subfield><subfield code="0">(DE-588)4188396-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Computersicherheit</subfield><subfield code="0">(DE-588)4274324-2</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Erscheint auch als</subfield><subfield code="n">Online-Ausgabe</subfield><subfield code="o">urn:nbn:de:bvb:91-diss-20131029-1142206-0-0</subfield></datafield><datafield tag="856" ind1="4" ind2="1"><subfield code="u">http://mediatum.ub.tum.de/node?id=1142206</subfield><subfield code="x">Verlag</subfield><subfield code="z">kostenfrei</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="856" ind1="4" ind2=" "><subfield code="u">https://nbn-resolving.org/urn:nbn:de:bvb:91-diss-20131029-1142206-0-0</subfield><subfield code="x">Resolving-System</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">DNB Datenaustausch</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=026885918&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ebook</subfield></datafield><datafield tag="943" ind1="1" ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-026885918</subfield></datafield></record></collection>
genre	(DE-588)4113937-9 Hochschulschrift gnd-content
genre_facet	Hochschulschrift
id	DE-604.BV041439115
illustrated	Illustrated
indexdate	2024-12-20T16:47:21Z
institution	BVB
language	English
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-026885918
oclc_num	864627722
open_access_boolean	1
owner	DE-384 DE-473 DE-BY-UBG DE-703 DE-1051 DE-824 DE-29 DE-12 DE-91 DE-BY-TUM DE-19 DE-BY-UBM DE-1049 DE-92 DE-739 DE-898 DE-BY-UBR DE-355 DE-BY-UBR DE-706 DE-20 DE-1102 DE-91G DE-BY-TUM
owner_facet	DE-384 DE-473 DE-BY-UBG DE-703 DE-1051 DE-824 DE-29 DE-12 DE-91 DE-BY-TUM DE-19 DE-BY-UBM DE-1049 DE-92 DE-739 DE-898 DE-BY-UBR DE-355 DE-BY-UBR DE-706 DE-20 DE-1102 DE-91G DE-BY-TUM
physical	XV, 153 S. graph. Darst.
psigel	ebook
publishDate	2013
publishDateSearch	2013
publishDateSort	2013
record_format	marc
spellingShingle	Schneider, Christian A. Full virtual machine state reconstruction for security applications Virtuelle Maschine (DE-588)4188396-2 gnd Computersicherheit (DE-588)4274324-2 gnd
subject_GND	(DE-588)4188396-2 (DE-588)4274324-2 (DE-588)4113937-9
title	Full virtual machine state reconstruction for security applications
title_auth	Full virtual machine state reconstruction for security applications
title_exact_search	Full virtual machine state reconstruction for security applications
title_full	Full virtual machine state reconstruction for security applications Christian A. Schneider
title_fullStr	Full virtual machine state reconstruction for security applications Christian A. Schneider
title_full_unstemmed	Full virtual machine state reconstruction for security applications Christian A. Schneider
title_short	Full virtual machine state reconstruction for security applications
title_sort	full virtual machine state reconstruction for security applications
topic	Virtuelle Maschine (DE-588)4188396-2 gnd Computersicherheit (DE-588)4274324-2 gnd
topic_facet	Virtuelle Maschine Computersicherheit Hochschulschrift
url	http://mediatum.ub.tum.de/node?id=1142206 https://nbn-resolving.org/urn:nbn:de:bvb:91-diss-20131029-1142206-0-0 http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=026885918&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT schneiderchristiana fullvirtualmachinestatereconstructionforsecurityapplications

Verfügbarkeit

Bestellen (Login erforderlich)

Online lesen (frei zugänglich)
Inhaltsverzeichnis
Paper/Kapitel scannen lassen

Bibliotheksmagazin

Bestandsangaben von Bibliotheksmagazin
Signatur:	0001 DM 31573 Lageplan
Exemplar 1	Ausleihbar Am Standort

Teilbibliothek Mathematik & Informatik, Dissertationen und Abschlussarbeiten

Bestandsangaben von Teilbibliothek Mathematik & Informatik, Dissertationen und Abschlussarbeiten
Signatur:	0109 DM 31573 Lageplan
Exemplar 1	Ausleihbar Am Standort