This invention encompasses a set of techniques to automatically bridge the semantic gap in virtual machine introspection, thus allowing a trusted machine to inspect other machines (physical or virtual) safely, quickly, and reliably.
Background:
In Cloud Computing, a secure (“trusted”) virtual machine is often used to monitor (“introspect”) the activity of other virtual machines, because the trusted machine can be isolated from the Internet and is therefore difficult for hackers to compromise. This technique, Virtual Machine Introspection, or VMI, is one of the foundations of cloud computing. However, a problem with this approach is the difficulty of interpreting the low-level bits and bytes available from the memory of the machine being scanned at the high level at which humans and anti-virus software operate. This is known as the “semantic gap.”
Bridging this semantic gap currently requires manual reverse engineering and construction of introspection routines. This approach is tedious, time-consuming, and error-prone.
Potential Benefits:
· Transparent to end users, native application developers, and the operating system (e.g., it does not require that anti-virus providers modify their code to do introspection)
· Automatic – fast, error-free, no labor costs
· More secure than current methods
· More reliable than current methods
· Not impacted by updates to programs, etc. on the machine being scanned
Potential Applications:
· Management of virtual machines in cloud computing (by Cloud provider)
· Intrusion detection (by end-user, or enterprise)
· Anti-virus protection (by end-user, or enterprise)
· Virtual Machine Introspection/Management (by Cloud provider)
· Forensic analysis of machine memory (in cybercrime, etc. investigations, by law-enforcement)
IP Status:
United States patent 9,529,614 issued on December 27th, 2016.
Inventors:
Zhiqiang Lin
Additional Materials: Published article entitled “Space Traveling across VM: Automatically Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection”
ID Number: MP-12-014
Licensing Opportunity: This technology is available for exclusive or non-exclusive licensing.
Contact: otc@utdallas.edu