[Xen-japanese] FYI: FSIJ September monthly meeting
[Opening Japanese paragraph is garbled by encoding corruption and cannot be recovered; it introduces the announcement below.] Nguyen Anh Quynh will talk about eKimono at the FSIJ September monthly meeting. Details:

http://www.fsij.org/monthly-meetings/2009/Sep

------------------------------------------------------------------

Title: eKimono: A Malware Scanner for Virtual Machines

Date/time: 2009-09-28, 18:30 to 20:30

Venue: [address garbled in the original; surviving fragments: "1-18-13", room "1101", 11th floor]

Fee: [garbled in the original]

Nguyen Anh Quynh will present eKimono, a malware scanner for Virtual Machines.

Speaker: Nguyen Anh Quynh (AIST)

Abstract

This talk presents eKimono, a new malware scanner for Virtual Machines (VMs). By putting eKimono outside of the protected VM, we can fix, or raise the bar in other cases, the most significant flaws in legacy anti-malware solutions. Advantages offered by our scanner include, but are not limited to, the following: firstly, eKimono is tamper-resistant against malware inside the VM, even if the malware compromises the VM's kernel. Secondly, it is harder to fool, because eKimono does not rely on the services provided by the VM. Last, but not least, our scanner is invisible from the VM, so malware inside never knows that it is being monitored.

The architecture and implementation of eKimono will be discussed at length. We will show how our scanner easily supports hypervisors like Xen, KVM and QEMU out-of-the-box. The talk will also demonstrate that it is trivial to support other types of VM, such as VMWare, thanks to its extremely flexible design.

Technically, eKimono is the top component of a multi-layer framework architecture. The talk analyses all the layers and explains how we solve challenges in designing and implementing eKimono. The extended application of the layers below is also examined to show that our frameworks are not just useful for eKimono, but can also be the base for many new VM tools, such as live memory forensics and VM administration.

To conclude, this presentation entertains the audience with some live demos of detecting several popular kernel and user-space rootkits in a Windows VM.

---------------------------------------------------------------------

[Garbled Japanese sentence; it introduces the following list of Quynh's related conference talks.]

SysCan'09 Singapore, 2-3 Jul (Singapore)
  Outspect: Live Memory Forensic and Incident Response for Virtual Machine
  http://www.syscan.org/Sg/singaporeconference.html

Xcon 2009, 18-19 Aug (China)
  Detecting rootkits inside Virtual Machine
  http://xcon.xfocus.org/speakers.html

FrHack 2009, 7-8 Sep (France)
  Memory forensic and incident response for live virtual machine (VM)
  http://www.frhack.org/frhack-conference.php#virtual-machine-memory-forensic

HITBSecConf 2009, 06-09 Oct (Malaysia)
  eKimono: A Malware Scanner for Virtual Machines
  http://conference.hackinthebox.org/hitbsecconf2009kl/

DeepSec 2009, 17-20 Nov (Austria)
  eKimono: detecting rootkits inside Virtual Machine
  https://deepsec.net/schedule/

------
suzaki

_______________________________________________
Xen-japanese mailing list
Xen-japanese@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-japanese