2009 Proceeding- Program Chair:
- Angelos Stavrou
- Sponsor:
- sigsac
Welcome to the 1st Workshop on Virtual Machine Security (VMSec)!
In these proceedings, you will find the 6 papers presented at VMSec Workshop held in conjunction with the ACM Conference on Computer & Communications Security. This workshop aims to bring together leading researchers and practitioners in the fields of virtualization and security to present the latest work on these topics. Each paper received at least 3 reviews from the PC members with most of the papers having 4 reviews in total. Some of the papers were very controversial and were discussed in detail by the PC members after the end of the review process. The final decisions were made based on those discussions.
VMSec is the first workshop to deal exclusively with virtual machine security. Virtualization has seen an explosion in growth in deployment, implementations, and applications. In addition, it seems that virtualization holds unique properties that make it attractive for security including isolation, compartmentalization, live state capture, and replay. In the past, virtualization has been used to study malicious software as well as to prevent malicious software infection. We believe that the large-scale use of virtualization offers new opportunities and challenges regarding security. We hope that this workshop will provoke fruitful discussions for researchers and practitioners, from both industry and academia.
Proceeding Downloads
A formal model for virtual machine introspection
Virtual machine introspection (VMI) describes the method of monitoring and analyzing the state of a virtual machine from the hypervisor level. In this paper, we present a formal discussion of the development of VMI-based security applications. We begin ...
Emulating emulation-resistant malware
The authors of malware attempt to frustrate reverse engineering and analysis by creating programs that crash or otherwise behave differently when executed on an emulated platform than when executed on real hardware. In order to defeat such techniques ...
TimeCapsule: secure recording of accesses to a protected datastore
We present an approach for transparently recording accesses to protected storage. In particular, we provide a framework for data monitoring in a virtualized environment using only the abstractions exposed by the hypervisor. To achieve our goals, we ...
The cake is a lie: privilege rings as a policy resource
Components of commodity OS kernels typically execute at the same privilege level. Consequently, the compromise of even a single component undermines the trustworthiness of the entire kernel and its ability to enforce separation between user-level ...
Application containers without virtual machines
This position paper introduces lightweight cryptographic jails (CryptoJails) that protect the privacy of application data by intercepting write accesses and redirecting them to encrypted application containers. CryptoJails ensure that application data (...
Availability-sensitive intrusion recovery
A system-wide comprehensive cleaning is the primary goal of intrusion recovery. However, the diversity of the vulnerabilities, the creativity of the attackers and the complexity of system contribute to the difficulty of 'sweeping the footprint' of ...