Change the future

An Introspective Hypervisor for Software Analysis

Richard Gloo, Stephen Pape, Josh White

Audience level:
Intermediate
Category:
Useful Libraries

Description

In this poster we present a system for unobtrusive software analysis using IntroVirt. IntroVirt is an introspective hypervisor architecture that supports advanced analysis techniques, including complete guest monitoring and interaction as well as manipulation and blocking of system calls. The IntroVirt stack is written in C++, but has recently been extended to include Python bindings.

Abstract

The objective of IntroVirt is to provide an introspective hypervisor architecture and infrastructure to support advanced analysis techniques and introspective capability development. The Xen hypervisor provides virtualization of hardware resources to run multiple distinct guest computer systems. By residing architecturally below the target system, an introspective hypervisor can monitor or control a guest virtual machine without direct modification of, cooperation from, or detection by the guest. To date, over 17 proof-of-concept tools have been developed, covering analysis of Windows system calls, registry access, network activity, ioctl communications, and open file handles. The IntroVirt framework can be used to overcome challenges in the application areas of dynamic forensics, reverse engineering, malware analysis, and guest protection.