ABSTRACT
Malicious software is rampant on the Internet and costs billions of dollars
each year. Safe and thorough analysis of malware is key to protecting
vulnerable systems and cleaning those that have already been infected. Most
current state-of-the-art analysis platforms run alongside the malware, which
makes them easier to detect. This reduces the value of analysis, because some
malware is known to behave differently when it is being analyzed.
Virtualization offers a compelling platform for malware analysis, with strong
isolation and the ability to save and restore guest state. Commodity virtual
machine monitors (VMMs), however, are not designed for malware analysis. Due
to their complexity, they often fail to provide transparency and may even
expose vulnerabilities that could be exploited by the malware running inside
the guest system.
We design and implement a lightweight VMM, named MAVMM, that is built for
one job: malware analysis. MAVMM does not implement virtualization features
that this job does not need but that are common in general-purpose
hypervisors, including virtual device emulation. We take advantage of
hardware virtualization support to make MAVMM simpler, more secure and more
transparent. In this thesis, we describe the design and implementation of
MAVMM, and the features that we can extract from programs running inside the
guest OS. We evaluate our platform in three respects: functionality,
detectability and performance. We show that our system can extract useful
information from malicious software, and that it is not susceptible to known
virtualization detection techniques.
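The detectability claim above is about checks of the kind that malware runs before deciding how to behave. As an added illustration (not code from the MAVMM thesis), the following C program performs one widely known virtualization detection check: it reads CPUID leaf 1 and tests the hypervisor-present bit (ECX bit 31), then reads the hypervisor vendor leaf 0x40000000 and matches the 12-byte signature against well-known hypervisor strings. It assumes an x86 or x86-64 build with GCC or clang (for <cpuid.h>); on other architectures the probe reports that CPUID is unavailable. A transparent analysis VMM would be expected to leave both the bit and the vendor leaf looking like bare metal, which is exactly what this probe lets an analyst verify.

```c
/* cpuid_vmcheck.c -- added example of a classic CPUID-based VM detection
 * check. This is illustrative code, not part of the MAVMM thesis.
 * Build: cc -O2 -o cpuid_vmcheck cpuid_vmcheck.c
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>          /* GCC/clang: __get_cpuid(), __cpuid() */
#define HAVE_X86_CPUID 1
#else
#define HAVE_X86_CPUID 0    /* assumption: non-x86 builds cannot run the probe */
#endif

/* CPUID.1:ECX bit 31 is reserved for hypervisors to announce themselves. */
int hypervisor_bit_set(uint32_t ecx_leaf1) {
    return (int)((ecx_leaf1 >> 31) & 1u);
}

/* Leaf 0x40000000 returns a 12-byte vendor signature in EBX, ECX, EDX
 * (in that order, little-endian bytes). Decode it into a NUL-terminated string. */
void decode_hv_vendor(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    memcpy(out, &ebx, 4);
    memcpy(out + 4, &ecx, 4);
    memcpy(out + 8, &edx, 4);
    out[12] = '\0';
}

/* Match a raw 12-byte signature against well-known hypervisor vendors.
 * memcmp over 12 bytes is used because the KVM signature contains NULs. */
const char *classify_hv_vendor(const char sig[12]) {
    static const struct { const char *sig; const char *name; } table[] = {
        { "KVMKVMKVM\0\0\0", "KVM"        },
        { "VMwareVMware",    "VMware"     },
        { "Microsoft Hv",    "Hyper-V"    },
        { "XenVMMXenVMM",    "Xen"        },
        { "VBoxVBoxVBox",    "VirtualBox" },
        { "TCGTCGTCGTCG",    "QEMU (TCG)" },
    };
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (memcmp(sig, table[i].sig, 12) == 0)
            return table[i].name;
    }
    return "unknown";
}

/* Probe the CPU we are running on.
 * Returns 1 if a hypervisor advertises itself (vendor name in *name),
 * 0 if the hypervisor bit is clear, -1 if CPUID is unavailable. */
int probe_hypervisor(const char **name) {
#if HAVE_X86_CPUID
    unsigned eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) {
        *name = "cpuid-unavailable";
        return -1;
    }
    if (!hypervisor_bit_set(ecx)) {
        *name = "none";
        return 0;
    }
    /* __get_cpuid() refuses leaves above the basic maximum, so read the
     * hypervisor leaf with the raw macro. */
    __cpuid(0x40000000u, eax, ebx, ecx, edx);
    static char sig[13];
    decode_hv_vendor(ebx, ecx, edx, sig);
    *name = classify_hv_vendor(sig);
    return 1;
#else
    *name = "unsupported-arch";
    return -1;
#endif
}

int main(void) {
    const char *name = NULL;
    int r = probe_hypervisor(&name);
    if (r < 0)
        printf("CPUID probe unavailable (%s)\n", name);
    else if (r == 0)
        printf("hypervisor bit clear: no VMM advertised\n");
    else
        printf("hypervisor bit set: vendor = %s\n", name);
    return 0;
}
```

The two halves of the probe fail independently: a VMM can clear the hypervisor-present bit yet still answer leaf 0x40000000 with a real signature, so a transparency test should look at both, and a report of "none" from this program only means the VMM passed this particular check.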