VMI and FMA




Thursday, 26 July 2012
FMA - Forensic memory analysis
seeks to extract forensic information from dumps of physical memory.

VMI - Virtual Machine Introspection

VMI software runs in an isolated virtualized environment and monitors the state of other VMs. This isolation protects it from tampering by software inside the monitored VM, making it an attractive way to implement security software. VMI-based monitoring is performed online and focuses on detecting security events as they occur.

FMA, by contrast, typically takes place after a security incident is suspected to have occurred. An investigator acquires an image of physical memory and then performs offline analysis, extracting information about the system state to explain the incident.

VMI:
 + Dynamic - changes over time
 - Needs a lot of resources
 - Effect on system

FMA:
 + No time/resource restrictions
 + No effect on system
 - Static

Problem:
 Semantic Gap

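The semantic gap named above, as an added example that is not part of the deck: a physical memory image holds only bytes, and recovering OS-level objects such as processes requires knowing the kernel's data-structure layout. The toy descriptor layout, its field offsets, the `PROC` signature, the list-head location and the sample process names below are constructed for illustration and are not a real kernel's structures. walk_list follows the OS's own linked list from its head, the view a monitor with structure knowledge takes; scan_signatures carves every descriptor by signature from the whole image, the offline approach that the Schuster reference on the last slide applies to Windows dumps, which also surfaces descriptors that are no longer on the list (terminated or unlinked processes).

```python
import struct

# Constructed toy layout (hypothetical, not a real kernel structure):
#   offset 0: 4-byte signature  "PROC"
#   offset 4: uint32 pid
#   offset 8: uint32 physical offset of the next descriptor (0 = end of list)
#   offset 12: 16-byte NUL-padded name
#   offset 28: 4 bytes padding
PROC_MAGIC = b"PROC"
PROC_FMT = "<4sII16s"
PROC_SIZE = 32
LIST_HEAD_OFF = 0x10   # where the toy "kernel" keeps the pointer to the first descriptor


def build_image(processes, unlinked, size=4096):
    """Construct a toy physical-memory image.

    processes: (pid, name, offset) tuples, linked in order through 'next'
    unlinked:  (pid, name, offset) tuples present in memory but not on the list
    """
    img = bytearray(size)

    def write(off, pid, name, nxt):
        img[off:off + PROC_SIZE] = struct.pack(PROC_FMT + "4x", PROC_MAGIC, pid, nxt, name.encode())

    for i, (pid, name, off) in enumerate(processes):
        nxt = processes[i + 1][2] if i + 1 < len(processes) else 0
        write(off, pid, name, nxt)
    for pid, name, off in unlinked:
        write(off, pid, name, 0)
    struct.pack_into("<I", img, LIST_HEAD_OFF, processes[0][2] if processes else 0)
    return bytes(img)


def parse_proc(img, off):
    """Interpret the bytes at 'off' as one descriptor; this is the layout knowledge that bridges the gap."""
    magic, pid, nxt, name = struct.unpack_from(PROC_FMT, img, off)
    if magic != PROC_MAGIC:
        raise ValueError("no descriptor at 0x%x" % off)
    return {"offset": off, "pid": pid, "next": nxt, "name": name.rstrip(b"\0").decode()}


def walk_list(img, max_entries=1024):
    """Follow the OS's own list from the head: what the running kernel (or a VMI monitor) reports."""
    seen, out = set(), []
    (off,) = struct.unpack_from("<I", img, LIST_HEAD_OFF)
    # Stop on a NUL pointer, a cycle, or an absurd length so a corrupted list cannot hang the analysis.
    while off and off not in seen and len(out) < max_entries:
        seen.add(off)
        p = parse_proc(img, off)
        out.append(p)
        off = p["next"]
    return out


def scan_signatures(img, align=PROC_SIZE):
    """Carve every descriptor by signature from the whole image, ignoring the list (offline FMA view)."""
    out = []
    pos = img.find(PROC_MAGIC)
    while pos != -1:
        # Only accept hits at descriptor alignment: a name field that happens to contain "PROC" is skipped.
        if pos % align == 0 and pos + PROC_SIZE <= len(img):
            out.append(parse_proc(img, pos))
        pos = img.find(PROC_MAGIC, pos + 1)
    return out


def unlisted(img):
    """Descriptors the scan finds but the list walk does not: terminated or unlinked processes."""
    listed = {p["offset"] for p in walk_list(img)}
    return [p for p in scan_signatures(img) if p["offset"] not in listed]


# Constructed sample image: three linked processes plus one descriptor that is not on the list.
SAMPLE_IMAGE = build_image(
    processes=[(4, "System", 0x100), (312, "lsass.exe", 0x200), (520, "explorer.exe", 0x300)],
    unlinked=[(777, "svchost.exe", 0x400)],
)

if __name__ == "__main__":
    print("list walk:", [(p["pid"], p["name"]) for p in walk_list(SAMPLE_IMAGE)])
    print("signature scan:", [(p["pid"], p["name"]) for p in scan_signatures(SAMPLE_IMAGE)])
    print("not on list:", [(p["pid"], p["name"]) for p in unlisted(SAMPLE_IMAGE)])
```

The two views differ exactly where the deck's trade-off lies: the list walk is cheap and matches what the system itself believes, while the signature scan costs a pass over the whole image but does not depend on the integrity of the kernel's bookkeeping, which is why an offline investigator compares both. The cycle guard in walk_list and the alignment filter in scan_signatures are the two checks a practitioner adds first, since a damaged list or a stray signature in data is the normal failure mode on real dumps.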
A. Schuster. Searching for processes and threads in Microsoft Windows memory dumps. In Proceedings of the 6th Annual Digital Forensic Research Workshop (DFRWS), 2006.

VMWare, Inc. VMWare VMSafe security technology. http://www.vmware.com/technology/security/vmsafe.html.

A. Walters. The Volatility framework: Volatile memory artifact extraction utility framework. https://www.volatilesystems.com/default/volatility.

T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proceedings of the Network and Distributed Systems Security Symposium, 2003.