Full metadata record
DC FieldValueLanguage
dc.contributor.authorWang, Chiaweien_US
dc.contributor.authorShieh, Shiuhpyngen_US
dc.date.accessioned2019-04-02T06:04:50Z-
dc.date.available2019-04-02T06:04:50Z-
dc.date.issued2017-01-01en_US
dc.identifier.urihttp://hdl.handle.net/11536/150821-
dc.description.abstractIn-VM agent programs are generally used for the convenience of VM monitor in malware analysis. To prevent malicious interference, the stealthy execution of an in-VM agent is desirable. Existing approaches for stealthy execution of the agent remains detectable if libraries or kernel code of the guest OS is contaminated by malware. Moreover, the lack of applicability to conventional executables limits the agent functionality. In this paper, VMCloak is proposed for the stealthy in-VM agent execution. Our scheme leverages the virtualization technology to perform the real-time binary instrumentation to conceal the fingerprints of an in-VM agent from potential detection. Both stealthiness and integrity of the agent are guaranteed even when the guest OS is compromised. The evaluation shows that VMCloak can cope with the applicability issues, allowing the in-VM agent to perform the same operations as that of ordinary executables.en_US
dc.language.isoen_USen_US
dc.subjectvirtual machineen_US
dc.subjectmalwareen_US
dc.subjectsoftware securityen_US
dc.titleVMCloak: Toward a Stealthy in-VM Agent Executionen_US
dc.typeProceedings Paperen_US
dc.identifier.journal2017 IEEE CONFERENCE ON DEPENDABLE AND SECURE COMPUTINGen_US
dc.citation.spage115en_US
dc.citation.epage122en_US
dc.contributor.department交大名義發表zh_TW
dc.contributor.departmentNational Chiao Tung Universityen_US
dc.identifier.wosnumberWOS:000450296400013en_US
dc.citation.woscount0en_US
Appears in Collections:Conferences Paper