QEMU-based framework for non-intrusive virtual machine instrumentation and introspection
| Autor: | Pavel Dovgalyuk, Ivan Vasiliev, Vladimir Makarov, Natalia Fursova |
|---|---|
| Rok vydání: | 2017 |
| Předmět: |
0301 basic medicine
Source code Computer science business.industry media_common.quotation_subject Application binary interface 020207 software engineering 02 engineering and technology computer.software_genre Set (abstract data type) 03 medical and health sciences 030104 developmental biology Virtual machine Embedded system 0202 electrical engineering electronic engineering information engineering Operating system Introspection Binary code Instrumentation (computer programming) Analysis tools business computer media_common |
| Zdroj: | ESEC/SIGSOFT FSE |
| DOI: | 10.1145/3106237.3122817 |
| Popis: | This paper presents the framework based on the emulator QEMU. Our framework provides set of multi-platform analysis tools for the virtual machines and mechanism for creating instrumentation and analysis tools. Our framework is based on a lightweight approach to dynamic analysis of binary code executed in virtual machines. This approach is non-intrusive and provides system-wide analysis capabilities. It does not require loading any guest agents and source code of the OS. Therefore it may be applied to ROM-based guest systems and enables using of record/replay of the system execution. We use application binary interface (ABI) of the platform to be analyzed for creating introspection tools. These tools recover the part of kernel-level information related to the system calls executed on the guest machine. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|