@inproceedings{91cd01f95ece4838ab8f0070c258c7b0,
title = "System call redirection: A practical approach to meeting real-world virtual machine introspection needs",
abstract = "Existing VMI techniques have high overhead, and require customized introspection programs/tools for different guest OS versions - lack of generality. In this paper, we present Shadow Context, a system for close-to-real time manual-effort-free VMI. Shadow Context can meet several important real-world VMI needs which existing VMI techniques cannot. Compared to other automatic introspection tool generation techniques, Shadow Context has two merits: (1) Its overhead is significantly less. It achieves close-to-real time VMI. (2) It significantly improves the practical usefulness of introspection tools by allowing one introspection program to inspect a variety of guest OS versions. These merits are achieved via a new concept called 'Shadow Context' which allows the guest OSes' system call code to be reused inside a 'shadowed' portion of the context of the out-of-guest inspection program. Besides, Shadow Context is secure enough to defend against a variety of real world attacks. Shadow Context is designed, implemented and systematically evaluated. Experimental results show that the performance overhead is about 75% with a median initialization time of 0.117 milliseconds.",
author = "Rui Wu and Ping Chen and Peng Liu and Bing Mao",
year = "2014",
month = sep,
day = "18",
doi = "10.1109/DSN.2014.59",
language = "English (US)",
series = "Proceedings of the International Conference on Dependable Systems and Networks",
publisher = "IEEE Computer Society",
pages = "574--585",
booktitle = "Proceedings of the International Conference on Dependable Systems and Networks",
address = "United States",
note = "44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2014 ; Conference date: 23-06-2014 Through 26-06-2014",
}