Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Lukas Beierlieb 1 ; Nicolas Bellmann 1 ; Lukas Iffländer 2 and Samuel Kounev 1

Affiliations: 1 Institute of Computer Science, University of Würzburg, Würzburg, Germany ; 2 Faculty of Informatics, University of Applied Sciences, Dresden, Germany

Keyword(s): Hypervisor, Hyper-V, Hypercall, Logging, Monitoring.

Abstract: Hypervisors such as Xen, VMware ESXi, or Microsoft Hyper-V provide virtual machines used in data centers and cloud computing, making them a popular attack target. One potential attack vector is the hypercall interface, which exposes privileged operations as hypercalls. We present a hypercall logger for the Hyper-V hypercall interface that logs the inputs, outputs, and sequence of hypercalls. The logs should improve the testability of the hypercall interface by helping to construct test cases for the hypercall handlers. Related works in hypercall monitoring analyze less detailed hypercall invocation data with intrusion detection systems. Our logger extends the WinDbg debugger by adding additional commands to set software breakpoints on the hyper-call handler entry and exit within a debugging session with the Hyper-V hypervisor. The evaluation confirmed that the logs are correct and that the breakpoints slow hypercall execution by 100,000 to 200,000. A case study with the hypercall han dler logger helps create test cases for evaluation and demonstrates the logger’s suitability. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.134.112.111

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Beierlieb, L., Bellmann, N., Iffländer, L. and Kounev, S. (2024). Logging Hypercalls to Learn About the Behavior of Hyper-V. In Proceedings of the 19th International Conference on Software Technologies - ICSOFT; ISBN 978-989-758-706-1; ISSN 2184-2833, SciTePress, pages 411-418. DOI: 10.5220/0012768100003753

@conference{icsoft24,
author={Lukas Beierlieb and Nicolas Bellmann and Lukas Iffländer and Samuel Kounev},
title={Logging Hypercalls to Learn About the Behavior of Hyper-V},
booktitle={Proceedings of the 19th International Conference on Software Technologies - ICSOFT},
year={2024},
pages={411-418},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012768100003753},
isbn={978-989-758-706-1},
issn={2184-2833},
}

TY - CONF

JO - Proceedings of the 19th International Conference on Software Technologies - ICSOFT
TI - Logging Hypercalls to Learn About the Behavior of Hyper-V
SN - 978-989-758-706-1
IS - 2184-2833
AU - Beierlieb, L.
AU - Bellmann, N.
AU - Iffländer, L.
AU - Kounev, S.
PY - 2024
SP - 411
EP - 418
DO - 10.5220/0012768100003753
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic