Building Reliable and Secure Virtual Machines Using Architectural Invariants

HyperTap is a hypervisor-level monitoring framework for virtual machines (VMs). It uses hardware architectural invariants properties defined and enforced by a hardware platform to establish the root of trust for logging data and events. HyperTap also supports continuous, event-driven VM monitoring, which enables both capturing the system state and responding rapidly to actions of interest.

[1]  Ravishankar K. Iyer,et al.  Reliability and Security Monitoring of Virtual Machines Using Hardware Architectural Invariants , 2014, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[2]  Tal Garfinkel,et al.  A Virtual Machine Introspection Based Architecture for Intrusion Detection , 2003, NDSS.

[3]  Domenico Cotroneo,et al.  Assessment and Improvement of Hang Detection in the Linux Operating System , 2009, 2009 28th IEEE International Symposium on Reliable Distributed Systems.

[4]  Niels Provos,et al.  Improving Host Security with System Call Policies , 2003, USENIX Security Symposium.

[5]  Tal Garfinkel,et al.  Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools , 2003, NDSS.

[6]  Wenke Lee,et al.  Secure and Flexible Monitoring of Virtual Machines , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[7]  Muli Ben-Yehuda,et al.  Vigilant: out-of-band detection of failures in virtual machines , 2008, OPSR.

[8]  Steven A. Hofmeyr,et al.  Intrusion Detection via System Call Traces , 1997, IEEE Softw..