Open Access. Powered by Scholars. Published by Universities.®

Databases and Information Systems Commons

Information Security

2021

Cache

Full-Text Articles in Databases and Information Systems

Catch You With Cache: Out-of-VM Introspection to Trace Malicious Executions, Chao Su, Xuhua Ding, Qinghai Zeng, Jun 2021

Research Collection School Of Computing and Information Systems

Out-of-VM introspection is an imperative part of security analysis. The legacy methods either modify the system, introducing enormous overhead, or rely heavily on hardware features, which are neither available nor practical in most cloud environments. In this paper, we propose a novel analysis method, named Catcher, that utilizes the CPU cache to perform out-of-VM introspection. Catcher does not make any modifications to the target program or its running environment, nor does it demand special hardware support. Implemented upon Linux KVM, it natively introspects the target's virtual memory. More importantly, it uses the cache-based side channel to infer the target control flow. To …