The lecture by Sartakov A. Vasily for Summer Systems School'12.
Brief introduction to VMI and FMA technologies.
SSS'12 is an educational event organized by ksys labs[1] in 2012 for students interested in system software development and information security.

1. http://ksyslabs.org/

Published in: Education

  1. VMI and FMA
     Thursday, 26 July 2012
  2. FMA - Forensic memory analysis seeks to extract forensic information from dumps of physical memory. FMA typically takes place after a security incident is suspected to have occurred: an investigator acquires an image of physical memory and then performs offline analysis, extracting information about the system state to explain the incident.
     VMI - Virtual Machine Introspection. VMI software runs in an isolated virtualized environment and monitors the state of other VMs. This isolation protects it from tampering by software inside the monitored VM, making it an attractive way to implement security software. VMI-based monitoring is performed online and focuses on detecting security events as they occur.
  3. VMI:
     + Dynamic - changes over time
     - Needs a lot of resources
     - Has an effect on the monitored system
     FMA:
     + No time/resource restrictions
     + No effect on the system
     - Static
     Problem: the semantic gap (raw memory bytes must be mapped back to OS-level objects such as processes and threads)
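A worked illustration of the semantic gap and of how the two views complement each other, added here as an example that is not part of the lecture. It builds a constructed memory image with a hypothetical task-structure layout and reads it twice: by walking the guest's own process list, and by scanning for structure signatures in the style Schuster applies to Windows dumps. A task the scan finds but the list walk misses is one hidden from the guest's own view.

```python
import struct

# Constructed, hypothetical "guest OS" task structure (28 bytes):
#   char magic[4] = "TASK", u32 pid, char name[16], u32 next (address of next task, 0 = end)
TASK_FMT = "<4sI16sI"
TASK_SIZE = struct.calcsize(TASK_FMT)
MAGIC = b"TASK"
LIST_HEAD = 0x100   # assumed known address of the process list head

def build_dump():
    """Constructed 4 KiB 'physical memory' image: three tasks linked from
    LIST_HEAD, plus one task at 0x900 that was unlinked from the list (what a
    rootkit does to hide a process from the OS's own process listing)."""
    mem = bytearray(4096)
    tasks = [(0x100, 1, b"init", 0x200), (0x200, 7, b"sshd", 0x300),
             (0x300, 42, b"bash", 0), (0x900, 1337, b"hidden", 0)]
    for addr, pid, name, nxt in tasks:
        struct.pack_into(TASK_FMT, mem, addr, MAGIC, pid, name.ljust(16, b"\0"), nxt)
    return bytes(mem)

def read_task(mem, addr):
    """Interpret raw bytes at addr as a task: this is the semantic-gap step,
    impossible without knowing the guest's structure layout."""
    _, pid, name, nxt = struct.unpack_from(TASK_FMT, mem, addr)
    return {"addr": addr, "pid": pid, "name": name.rstrip(b"\0").decode(), "next": nxt}

def walk_list(mem, head=LIST_HEAD):
    """Follow the OS's own linked list from head. Sees only what the OS links;
    stops on a NULL pointer, a pointer that does not land on a task, or a cycle."""
    tasks, addr = [], head
    while addr and addr not in {t["addr"] for t in tasks}:
        if addr + TASK_SIZE > len(mem) or mem[addr:addr + 4] != MAGIC:
            break
        tasks.append(read_task(mem, addr))
        addr = tasks[-1]["next"]
    return tasks

def scan_signatures(mem):
    """Carve tasks by signature at every 4-byte aligned offset, independent of
    the OS's own bookkeeping (the approach Schuster uses on Windows dumps)."""
    return [read_task(mem, off) for off in range(0, len(mem) - TASK_SIZE + 1, 4)
            if mem[off:off + 4] == MAGIC]

def find_hidden(mem, head=LIST_HEAD):
    """Cross-view check: anything the scan finds but the list walk misses."""
    linked = {t["addr"] for t in walk_list(mem, head)}
    return [t for t in scan_signatures(mem) if t["addr"] not in linked]

if __name__ == "__main__":
    image = build_dump()
    print("linked :", [(t["pid"], t["name"]) for t in walk_list(image)])
    print("hidden :", [(t["pid"], t["name"]) for t in find_hidden(image)])
```

The same cross-view comparison is what an online VMI monitor does continuously against a running VM, while FMA applies it once to a captured image.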
  4. References:
     A. Schuster. Searching for processes and threads in Microsoft Windows memory dumps. In Proceedings of the 6th Annual Digital Forensic Research Workshop (DFRWS), 2006.
     VMware, Inc. VMware VMsafe security technology. http://www.vmware.com/technology/security/vmsafe.html
     A. Walters. The Volatility framework: Volatile memory artifact extraction utility framework. https://www.volatilesystems.com/default/volatility
     T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proceedings of the Network and Distributed Systems Security Symposium, 2003.