Enabling Intrusion Analysis through Virtual-Machine Logging and Replay
ReVirt: Enabling intrusion analysis through virtual-machine logging and replay
Current system loggers have two problems: they depend on the integrity of the operating system being logged, and they do not save sufficient information to replay and analyze attacks that include any non-deterministic events. ReVirt removes the dependency on the target operating system by moving it into a virtual machine and logging below the virtual machine. This allows ReVirt to replay the system's execution before, during, and after an intruder compromises the system, even if the intruder replaces the target operating system.
gy, fine-grained dynamic instrumentation of commodity kernels, which can splice (insert) dynamically generated code before almost any machine code instruction of a completely unmodified running commodity operating system kernel