CHAPTER 2
RELATED WORKS
A significant motivation for our project is prior work on malware analysis in non-virtualized environments, including in-guest debuggers [5] and disassemblers [4]. Those techniques, however, can be evaded through a variety of methods such as packing/encryption, code obfuscation [8], and debugger detection [10]. More advanced systems include OS-based platforms such as Saffron [8], and emulator-based analyzers such as Renovo [7]. Saffron uses dynamic instrumentation and a newly developed page-fault-assisted debugger, while Renovo and BitBlaze [27] utilize whole-system emulation. However, they only provide a way to debug or unpack malware, whereas MAVMM offers a more complete analysis platform. Moreover, non-virtualized analyzers are very likely to create detectable side effects, especially when they operate under the assumption that the guest OS can be compromised. Our goals of minimal detectability and no trust in the guest, including the guest OS, cannot be accomplished in this environment.
Virtualization offers strong protection through isolation, and the ability to save and roll back guest state to aid live debugging. VM introspection, the process of examining a process inside a virtual machine from its VMM, was introduced by Garfinkel and Rosenblum [28]. While other works have leveraged this idea for security purposes, such as process tracking [29], intrusion detection [30, 31], malware detection [32], and honeypots [33, 34, 35], our work focuses on hardware-supported introspection for malware analysis.
Because virtual machines have been commonly used by malware analyzers, virtualization detection techniques have become a part of modern malware. The techniques that malware programs use range from simple IDT-based detection [15] to complicated TLB-sizing or timing attacks [21, 17]. These results show that any software virtualization platform will introduce some detectable changes to the guest system. We, therefore, utilize hardware virtualization support to achieve our goal of minimal detectability. Since it