Enabling Intrusion Analysis through Virtual-Machine Logging and Replay





ReVirt: Enabling intrusion analysis through virtual-machine logging and replay

Current system loggers have two problems: they depend on the integrity of the operating system being logged, and they do not save sufficient information to replay and analyze attacks that include any non-deterministic events. ReVirt removes the dependency on the target operating system by moving it into a virtual machine and logging below the virtual machine. This allows ReVirt to replay the system's execution before, during, and after an intruder compromises the system, even if the intruder replaces the target operating system.


gy, fine-grained dynamic instrumentation of commodity kernels, which can splice (insert) dynamically generated code before almost any machine code instruction of a completely unmodified running commodity operating system kernel


