Lares: An Architecture for Secure Active Monitoring Using Virtualization

May 18-May 21

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/SP.2008.24

2008 IEEE Symposium on Security and P ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Bryan D. Payne Articles by Martim Carbone Articles by Monirul Sharif Articles by Wenke Lee

	ASCII Text	x
	Bryan D. Payne, Martim Carbone, Monirul Sharif, Wenke Lee, "Lares: An Architecture for Secure Active Monitoring Using Virtualization," Security and Privacy, IEEE Symposium on, pp. 233-247, 2008 IEEE Symposium on Security and Privacy (sp 2008), 2008.

	BibTex	x
	@article{ 10.1109/SP.2008.24, author = {Bryan D. Payne and Martim Carbone and Monirul Sharif and Wenke Lee}, title = {Lares: An Architecture for Secure Active Monitoring Using Virtualization}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3168-7}, pages = {233-247}, doi = {http://doi.ieeecomputersociety.org/10.1109/SP.2008.24}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - Lares: An Architecture for Secure Active Monitoring Using Virtualization SN - 978-0-7695-3168-7 SP233 EP247 A1 - Bryan D. Payne, A1 - Martim Carbone, A1 - Monirul Sharif, A1 - Wenke Lee, PY - 2008 KW - active monitoring KW - virtualization KW - introspection VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

Host-based security tools such as anti-virus and intrusion detection systems are not adequately protected on today's computers. Malware is often designed to immediately disable any security tools upon installation, rendering them useless. While current research has focused on moving these vulnerable security tools into an isolated virtual machine, this approach cripples security tools by preventing them from doing active monitoring. This paper describes an architecture that takes a hybrid approach, giving security tools the ability to do active monitoring while still benefiting from the increased security of an isolated virtual machine. We discuss the architecture and a prototype implementation that can process hooks from a virtual machine running Windows XP on Xen. We conclude with a security analysis and show the performance of a single hook to be 28 microseconds in the best case.

Index Terms:

active monitoring, virtualization, introspection

Citation:

Bryan D. Payne, Martim Carbone, Monirul Sharif, Wenke Lee, "Lares: An Architecture for Secure Active Monitoring Using Virtualization," sp, pp.233-247, 2008 IEEE Symposium on Security and Privacy (sp 2008), 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.