VMI and FMA

Thursday, 26 July 2012
FMA - Forensic memory analysis seeks to extract forensic information from dumps of physical memory.

VMI - Virtual Machine Introspection

VMI software runs in an isolated virtualized environment and monitors the state of other VMs. This isolation protects it from tampering by software inside the monitored VM, making it an attractive way to implement security software. VMI-based monitoring is performed online and focuses on detecting security events as they occur.

FMA, by contrast, typically takes place after a security incident is suspected to have occurred. An investigator acquires an image of physical memory and then performs offline analysis, extracting information about the system state to explain the incident.

VMI:
 + Dynamic (changes over time)
 - Needs a lot of resources
 - Affects the monitored system

FMA:
 + No time/resource restrictions
 + No effect on the system
 - Static

Problem:
 Semantic gap
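As an added example that is not part of the slides, the following Python model shows the semantic gap the deck points at from both sides: the same constructed memory image is read once by walking the kernel's process list, as a VMI tool does through the guest's own data structures, and once by scanning raw physical memory for process structures, as Schuster-style FMA (cited on the references slide) does, and the two views are compared. The structure layout, field offsets, list-head address and sample processes are all invented for this example.

```python
import struct

# Constructed toy layout (an assumption for this example, not from the slides):
# a little-endian guest that keeps processes in a circular doubly linked list
# anchored at a fixed head, as Windows links EPROCESS via ActiveProcessLinks.
MAGIC = b"PROC"      # 0x00: 4-byte tag a Schuster-style scanner searches for
OFF_PID = 0x04       # u32 process id
OFF_FLINK = 0x08     # u32 physical address of the next list entry
OFF_BLINK = 0x0C     # u32 physical address of the previous list entry
OFF_NAME = 0x10      # 16-byte NUL-padded process name
STRUCT_SIZE = 0x20
LIST_HEAD = 0x0100   # list head: FLINK/BLINK only, carries no MAGIC tag

def write_proc(mem, addr, pid, name, flink, blink):
    mem[addr:addr + 4] = MAGIC
    struct.pack_into("<III", mem, addr + OFF_PID, pid, flink, blink)
    mem[addr + OFF_NAME:addr + OFF_NAME + 16] = name.encode().ljust(16, b"\0")

def build_image(linked, unlinked):
    """Constructed 4 KiB dump: `linked` (pid, name) pairs go on the kernel list;
    `unlinked` ones sit in memory unreachable from the head (e.g. a terminated
    process whose memory was not reused, or an entry removed by tampering)."""
    mem = bytearray(0x1000)
    ring = [LIST_HEAD] + [0x200 + i * STRUCT_SIZE for i in range(len(linked))]
    n = len(ring)
    struct.pack_into("<II", mem, LIST_HEAD, ring[1 % n], ring[-1])
    for k in range(1, n):
        pid, name = linked[k - 1]
        write_proc(mem, ring[k], pid, name, ring[(k + 1) % n], ring[k - 1])
    for i, (pid, name) in enumerate(unlinked):
        write_proc(mem, 0x800 + i * STRUCT_SIZE, pid, name, 0, 0)
    return bytes(mem)

def read_proc(mem, addr):
    pid, = struct.unpack_from("<I", mem, addr + OFF_PID)
    return pid, mem[addr + OFF_NAME:addr + OFF_NAME + 16].split(b"\0", 1)[0].decode()

def walk_list(mem):
    """OS-level view (VMI): follow the kernel's own pointers; stop on a cycle or
    an out-of-image pointer so a corrupted list cannot hang the analysis."""
    seen = {}
    addr, = struct.unpack_from("<I", mem, LIST_HEAD)
    while addr != LIST_HEAD and addr not in seen and addr + STRUCT_SIZE <= len(mem):
        seen[addr] = read_proc(mem, addr)
        addr, = struct.unpack_from("<I", mem, addr + OFF_FLINK)
    return seen

def scan_image(mem):
    """Physical view (FMA): carve every plausible structure out of raw memory."""
    found = {}
    for addr in range(0, len(mem) - STRUCT_SIZE + 1, 4):
        if mem[addr:addr + 4] != MAGIC:
            continue
        pid, flink, blink = struct.unpack_from("<III", mem, addr + OFF_PID)
        if pid != 0 and flink < len(mem) and blink < len(mem):  # plausibility
            found[addr] = read_proc(mem, addr)
    return found

def cross_view(mem):
    """Structures the raw scan finds but the list walk misses."""
    listed = walk_list(mem)
    return sorted(p for a, p in scan_image(mem).items() if a not in listed)

# Constructed sample dump: three linked processes plus one unlinked structure.
IMAGE = build_image([(4, "System"), (312, "smss.exe"), (520, "lsass.exe")],
                    [(1337, "orphan.exe")])
```

The list walk is cheap but trusts the guest's pointers; the scan needs no pointers at all but has to be told what a process structure looks like, which is exactly the semantic knowledge the gap refers to.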
A. Schuster. Searching for processes and threads in Microsoft Windows memory dumps. In Proceedings of the 6th Annual Digital Forensic Research Workshop (DFRWS), 2006.

VMware, Inc. VMware VMsafe security technology. http://www.vmware.com/technology/security/vmsafe.html.

A. Walters. The Volatility framework: Volatile memory artifact extraction utility framework. https://www.volatilesystems.com/default/volatility.

T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proceedings of the Network and Distributed Systems Security Symposium, 2003.