Full metadata record
DC FieldValueLanguage
dc.contributor.author許家維en_US
dc.contributor.authorHsu, Chia-Weien_US
dc.contributor.author謝續平en_US
dc.contributor.authorShieh, Shiuh-Pyngen_US
dc.date.accessioned2014-12-12T01:34:24Z-
dc.date.available2014-12-12T01:34:24Z-
dc.date.issued2009en_US
dc.identifier.urihttp://140.113.39.130/cdrfb3/record/nctu/#GT079656518en_US
dc.identifier.urihttp://hdl.handle.net/11536/43476-
dc.description.abstract在除錯系統跟惡意軟體分析領域之中,系統執行狀態回復是一項很重要的議題。系統回復不僅僅可以讓使用者清楚地知道當時出錯的狀況,也可以用於事後的還原。然而,現今的系統日誌和系統回復的技術並無法被廣泛的被利用。原因就在於系統回復的功能很難達成,且無法完全地、清楚地讓使用者詳細的知道系統狀況。系統回復實做的難處在於下列幾點:1)大多數的狀態回復,只能針對單一程序。2) 由於要獲得回復的資訊,可能要修改現有的作業系統或是軟體。3) 硬體中斷和程序排程的資訊很難從軟體層獲得。4) 在系統回復的同時,要確保不會影響到執行的結果。基於以上四點原因,我們利用虛擬機器實做出一個具有回復性、準確性的回復系統。此系統對於軟體除錯、惡意程式分析和系統還原都具有極大的貢獻。由於本系統只考慮紀錄不可變因素,已達到有效的減低系統回復的運算量與其記錄的空間量。根據這些有效的記錄資訊,我們可以精確的回復系統執行狀態,甚至確保指令執行的順序不被更變,而達到更正確的分析結果。zh_TW
dc.description.abstractReplaying of execution sequence and state transition of a system is very useful for software testing, malware analysis and post-attack recovery. However, existing system logging and replaying techniques have restricted abilities and hence cannot be applied widely. Most of them are unable to perform a general whole-system analysis for the following reasons: 1) It can only replay a single process's running. 2) Modification needs to be done in OS kernel 3) Non-deterministic events such as interrupts and context switches cannot be replayed. 4) An intrusive analysis might influence the replaying result. This paper proposed a general whole-system VM-based logging and replaying mechanism. To record efficiently, our scheme only takes non-deterministic information into account such as most hardware interrupts and non-deterministic data from external I/O devices. Based on the recorded data, the accuracy of the replaying is assured. The state transition of the whole-system can be perfectly replayed; even the execution sequence of all instructions is preserved.en_US
dc.language.isoen_USen_US
dc.subject虛擬機器zh_TW
dc.subject系統回復zh_TW
dc.subject系統重播zh_TW
dc.subjectVMen_US
dc.subjectvirtual machineen_US
dc.subjectExecution Replayingen_US
dc.title基於虛擬機器做整體系統狀態回復zh_TW
dc.titleVM-based Instruction Level Whole-system Replayingen_US
dc.typeThesisen_US
dc.contributor.department網路工程研究所zh_TW
Appears in Collections:Thesis


Files in This Item:

  1. 651802.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.