VMI and FMA




Thursday, 26 July 2012
FMA - Forensic memory analysis
                         seeks to extract forensic information from dumps of physical memory.


          VMI - Virtual Machine Introspection

            VMI software runs in an isolated virtualized environment and monitors
            the state of other VMs. This isolation protects it from tampering by
            software inside the monitored VM, making it an attractive way to
            implement security software. VMI-based monitoring is performed online
            and focuses on detecting security events as they occur.

            FMA, by contrast, typically takes place after a security incident is
            suspected to have occurred. An investigator acquires an image of
            physical memory and then performs offline analysis, extracting
            information about the system state to explain the incident.

VMI:
              + Dynamic - observes changes over time
              - Needs a lot of resources
              - Affects the running system

            FMA:
             + No time/resource restrictions
             + No effect on the system
             - Static - a single snapshot

            Problem:
             Semantic Gap - a dump (or a running VM seen from the host) is just raw
             bytes; recovering the OS-level objects an analyst reasons about
             (processes, threads, files, connections) requires knowledge of the
             guest's data-structure layouts.
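The following is an added example, not part of the original slides, that shows the semantic gap on a constructed toy memory image. The object layout (a 4-byte tag "Proc", PID, flink/blink pointers, a 16-byte name), the list-head address, and the sample processes are all invented for the example and do not correspond to any real OS structure. It recovers the process list two ways: by walking the linked list from a known head (what the guest OS or a layout-aware VMI monitor does) and by signature carving over the whole image (Schuster's approach for Windows dumps); comparing the two views exposes an object that has been unlinked from the list.

```python
"""
Added example (not from the original slides): the semantic gap in memory
forensics on a constructed toy image.  A physical-memory image is raw bytes;
to answer "which processes were running?" we need the OS's structure layout.
Two recovery strategies are shown and cross-compared:
  1. list walking - follow flink from a known list head (semantic view);
  2. carving      - scan for the object signature (physical view), which also
                    finds objects unlinked from the list (DKOM-style hiding).
The layout, tag and addresses below are invented for this example.
"""
import struct
from dataclasses import dataclass

# Invented object layout (offsets relative to object start):
#   0x00  4 bytes  tag    b"Proc"  (pool-tag-like signature)
#   0x04  4 bytes  pid    uint32
#   0x08  8 bytes  flink  physical address of next object
#   0x10  8 bytes  blink  physical address of previous object
#   0x18 16 bytes  name   NUL-padded ASCII
OBJ_TAG = b"Proc"
OBJ_FMT = "<4sIQQ16s"
OBJ_SIZE = struct.calcsize(OBJ_FMT)   # 40 bytes
IMAGE_SIZE = 0x1000
LIST_HEAD = 0x100                     # address of the list-head pseudo-object


@dataclass(frozen=True)
class Process:
    addr: int
    pid: int
    name: str


def build_image(procs, hidden_pid=None) -> bytes:
    """Construct a fake image from (addr, pid, name) tuples.  The object whose
    pid == hidden_pid is written to memory but unlinked from the list."""
    img = bytearray(IMAGE_SIZE)
    linked = [p for p in procs if p[1] != hidden_pid]
    ring = [LIST_HEAD] + [addr for addr, _, _ in linked]   # circular list
    for i, (addr, pid, name) in enumerate(linked, start=1):
        flink, blink = ring[(i + 1) % len(ring)], ring[i - 1]
        struct.pack_into(OBJ_FMT, img, addr, OBJ_TAG, pid, flink, blink, name.encode())
    for addr, pid, name in procs:
        if pid == hidden_pid:   # valid object, links point only at itself
            struct.pack_into(OBJ_FMT, img, addr, OBJ_TAG, pid, addr, addr, name.encode())
    # List head carries no tag or pid, only the flink/blink pointers
    struct.pack_into(OBJ_FMT, img, LIST_HEAD, b"\0\0\0\0", 0,
                     ring[1 % len(ring)], ring[-1], b"")
    return bytes(img)


def parse_object(img: bytes, addr: int):
    """Decode one object at addr, or None if it does not fit in the image."""
    if addr < 0 or addr + OBJ_SIZE > len(img):
        return None
    tag, pid, flink, blink, raw = struct.unpack_from(OBJ_FMT, img, addr)
    return tag, pid, flink, blink, raw.split(b"\0", 1)[0].decode("ascii", "replace")


def walk_list(img: bytes, head: int = LIST_HEAD, limit: int = 1000):
    """Semantic view: follow flink from the head until it wraps around."""
    found, steps = [], 0
    _, _, cur, _, _ = parse_object(img, head)
    while cur != head and steps < limit:
        obj = parse_object(img, cur)
        if obj is None or obj[0] != OBJ_TAG:
            break   # corrupt or smeared image: stop instead of looping forever
        _, pid, flink, _, name = obj
        found.append(Process(cur, pid, name))
        cur, steps = flink, steps + 1
    return found


def carve(img: bytes, align: int = 8):
    """Physical view: signature scan over the whole image, list-independent."""
    found = []
    for addr in range(0, len(img) - OBJ_SIZE + 1, align):
        if img[addr:addr + 4] != OBJ_TAG:
            continue
        _, pid, flink, blink, name = parse_object(img, addr)
        # Plausibility checks cut false positives from random byte runs
        if pid == 0 or not name or flink >= len(img) or blink >= len(img):
            continue
        found.append(Process(addr, pid, name))
    return found


def hidden_processes(img: bytes):
    """Cross-view detection: carved objects that the list walk never reached."""
    listed = {p.addr for p in walk_list(img)}
    return [p for p in carve(img) if p.addr not in listed]


# Constructed sample: four processes, pid 1337 has been unlinked from the list.
SAMPLE_PROCS = [(0x200, 4, "System"), (0x300, 512, "lsass"),
                (0x400, 1337, "rootkit"), (0x500, 2048, "explorer")]
SAMPLE_IMAGE = build_image(SAMPLE_PROCS, hidden_pid=1337)

if __name__ == "__main__":
    print("list walk:", [(p.pid, p.name) for p in walk_list(SAMPLE_IMAGE)])
    print("carving  :", [(p.pid, p.name) for p in carve(SAMPLE_IMAGE)])
    print("hidden   :", [(p.pid, p.name) for p in hidden_processes(SAMPLE_IMAGE)])
```

Both recovery paths depend on knowing the layout encoded in OBJ_FMT; that dependency is the semantic gap, and it is the same whether the bytes come from an offline dump (FMA) or are read live out of a guest's memory from the host (VMI). The list walk alone misses the unlinked object, which is why real tools carve and compare rather than trust the guest's own bookkeeping.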



A. Schuster. Searching for Processes and Threads in Microsoft Windows Memory
        Dumps. In Proceedings of the 6th Annual Digital Forensic Research Workshop
        (DFRWS), 2006.

        VMware, Inc. VMware VMsafe Security Technology.
        http://www.vmware.com/technology/security/vmsafe.html

        A. Walters. The Volatility Framework: Volatile Memory Artifact Extraction
        Utility Framework. https://www.volatilesystems.com/default/volatility

        T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based
        Architecture for Intrusion Detection. In Proceedings of the Network and
        Distributed System Security Symposium (NDSS), 2003.




