Hardware Virtualization


The Experts below are selected from a list of 345 Experts worldwide ranked by ideXlab platform

Wenke Lee - One of the best experts on this subject based on the ideXlab platform.

  • Ether: malware analysis via hardware virtualization extensions
    CCS, 2008
    Co-Authors: Artem Dinaburg, Monirul Sharif, Paul Royal, Wenke Lee
    Abstract:

    Malware has become the centerpiece of most security threats on the Internet. Malware analysis is an essential technology that extracts the runtime behavior of malware, and supplies signatures to detection systems and provides evidence for recovery and cleanup. The focal point in the malware analysis battle is how to detect versus how to hide a malware analyzer from malware during runtime. State-of-the-art analyzers reside in or emulate part of the guest operating system and its underlying hardware, making them easy to detect and evade. In this paper, we propose a transparent and external approach to malware analysis, which is motivated by the intuition that for a malware analyzer to be transparent, it must not induce any side-effects that are unconditionally detectable by malware. Our analyzer, Ether, is based on a novel application of hardware virtualization extensions such as Intel VT, and resides completely outside of the target OS environment. Thus, there are no in-guest software components vulnerable to detection, and there are no shortcomings that arise from incomplete or inaccurate system emulation. Our experiments are based on our study of obfuscation techniques used to create 25,000 recent malware samples. The results show that Ether remains transparent and defeats the obfuscation tools that evade existing approaches.

Kiyeol Lee - One of the best experts on this subject based on the ideXlab platform.

Aggelos Kiayias - One of the best experts on this subject based on the ideXlab platform.

  • Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system
    Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC '14), 2014
    Co-Authors: Tamas K. Lengyel, Steve Maresca, Simon Vogl, Bryan D. Payne, George D. Webster, Aggelos Kiayias
    Abstract:

    Malware is one of the biggest security threats on the Internet today and deploying effective defensive solutions requires the rapid analysis of a continuously increasing number of malware samples. With the proliferation of metamorphic malware the analysis is further complicated as the efficacy of signature-based static analysis systems is greatly reduced. While dynamic malware analysis is an effective alternative, the approach faces significant challenges as the ever increasing number of samples requiring analysis places a burden on hardware resources. At the same time modern malware can both detect the monitoring environment and hide in unmonitored corners of the system. In this paper we present DRAKVUF, a novel dynamic malware analysis system designed to address these challenges by building on the latest hardware virtualization extensions and the Xen hypervisor. We present a technique for improving stealth by initiating the execution of malware samples without leaving any trace in the analysis machine. We also present novel techniques to eliminate blind-spots created by kernel-mode rootkits by extending the scope of monitoring to include kernel internal functions, and to monitor file-system accesses through the kernel's heap allocations. With extensive tests performed on recent malware samples we show that DRAKVUF achieves significant improvements in conserving hardware resources while providing a stealthy, in-depth view into the behavior of modern malware.

Artem Dinaburg - One of the best experts on this subject based on the ideXlab platform.

  • Ether: malware analysis via hardware virtualization extensions
    CCS, 2008
    Co-Authors: Artem Dinaburg, Monirul Sharif, Paul Royal, Wenke Lee

R. G. Mann - One of the best experts on this subject based on the ideXlab platform.

  • Use of Docker for deployment and testing of astronomy software
    Astronomy and Computing, 2017
    Co-Authors: D. Morris, N. C. Hambly, S. Voutsinas, R. G. Mann
    Abstract:

    We describe preliminary investigations of using Docker for the deployment and testing of astronomy software. Docker is a relatively new containerization technology that is developing rapidly and being adopted across a range of domains. It is based upon virtualization at operating system level, which presents many advantages in comparison to the more traditional hardware virtualization that underpins most cloud computing infrastructure today. A particular strength of Docker is its simple format for describing and managing software containers, which has benefits for software developers, system administrators and end users. We report on our experiences from two projects – a simple activity to demonstrate how Docker works, and a more elaborate set of services that demonstrates more of its capabilities and what they can achieve within an astronomical context – and include an account of how we solved problems through interaction with Docker's very active open source development community, which is currently the key to the most effective use of this rapidly-changing technology.