Title
vPatcher: VMI-Based Transparent Data Patching to Secure Software in the Cloud
Abstract
Quick defense against the spread of software exploits is an important problem, and hot patching is an attractive approach to solve this problem. However, these approaches cannot adapt to the cloud well, which brings new challenges to the protection of software. Among these challenges, transparency and rapid deployment are two respective requirements for protection. In this paper, we propose vPatcher, a transparent data patching technique based on Virtual Machine Introspection. vPatcher uses the hypervisor to monitor the network connections of vulnerable programs in protected guest systems, deployed outside the Virtual Machines, without disturbing the target guest systems. Given the vulnerability signatures, vPatcher intercepts network packets, scans these packets for vulnerable processes by reconstructing fine-grained system semantics that include process states as well as corresponding network connections, detects them with their vulnerability signatures, and finally filters exploits. We adopted several realistic vulnerable programs used broadly to evaluate the effectiveness of the technique, and experimental results showed its efficacy and that the overhead is acceptable. In addition, the experiments also show that it could be transparent to guest systems, and suitable for rapid deployment in cloud platforms.
Year
2014
DOI
10.1109/TrustCom.2014.125
Venue
TrustCom
Keywords
hypervisor, virtual machine monitoring, transparency, hot patching, data patching, exploit defense, virtual machines, vpatcher, vulnerable programs, secure software, network connection monitoring, vulnerability signatures, vmi-based transparent data patching, fine-grained system semantics, protected guest systems, cloud computing, virtual machine introspection, system monitoring, security of data, data structures, semantics, inspection, kernel, availability
Field
Software deployment, Virtual machine, Computer science, Computer security, Process state, Network packet, Computer network, Hypervisor, Exploit, Software, Cloud computing, Distributed computing
DocType
Conference
ISSN
2324-898X
Citations
1
PageRank
0.35
References
16
Authors
5
Name
Order
Citations
PageRank
Hao Zhang120758.59
Lei Zhao2137.68
Lai Xu310.35
Lina Wang41258.91
Deming Wu510.35