Title
SPECTRE: A dependable introspection framework via System Management Mode
Abstract
Virtual Machine Introspection (VMI) systems have been widely adopted for malware detection and analysis. VMI systems use hypervisor technology for system introspection and to expose malicious activity. However, recent malware can detect the presence of virtualization or corrupt the hypervisor state thus avoiding detection. We introduce SPECTRE, a hardware-assisted dependability framework that leverages System Management Mode (SMM) to inspect the state of a system. Contrary to VMI, our trusted code base is limited to BIOS and the SMM implementations. SPECTRE is capable of transparently and quickly examining all layers of running system code including a hypervisor, the OS, and user level applications. We demonstrate several use cases of SPECTRE including heap spray, heap overflow, and rootkit detection using real-world attacks on Windows and Linux platforms. In our experiments, full inspection with SPECTRE is 100 times faster than similar VMI systems because there is no performance overhead due to virtualization.
Year
2013
DOI
10.1109/DSN.2013.6575343
Venue
DSN
Keywords
hypervisor state,rootkit detection,real-world attacks,invasive software,malicious activity,virtualization,smm implementations,hardware-assisted dependability framework,user interfaces,memory attacks,system introspection,malware analysis,code base,malware detection,virtual machines,virtual machine introspection systems,bios implementations,linux platforms,system code,linux,vmi systems,spectre,smm implementation,hypervisor technology,virtualisation,dependable introspection framework,similar vmi system,vmi system,introspection,windows platforms,system management mode,smm,kernel,hardware,malware
Field
Virtualization,Dependability,Virtual machine,Computer science,Heap overflow,Hypervisor,Real-time computing,Distributed computing,Rootkit,Malware,Operating system,Embedded system,System Management Mode
DocType
Conference
ISSN
1530-0889
ISBN
978-1-4673-6471-3
Citations
24
PageRank
0.77
References
19
Authors
4
Name
Order
Citations
PageRank
Fengwei Zhang115719.63
Kevin Leach2311.55
Kun Sun314212.80
Angelos Stavrou4128898.69