VMware Academic Program
Committed to strengthening VMware’s relationship with the academic and research communities.

Decoupling Dynamic Program Analysis from Execution in Virtual Environments

Analyzing the behavior of running programs has a wide variety of compelling applications, from intrusion detection and prevention to bug discovery. Unfortunately, the high runtime overheads imposed by complex analysis techniques make their deployment impractical in most settings. We present a virtual machine based architecture called Aftersight, which ameliorates this, providing a flexible and practical way to run heavyweight analyses on production workloads. We present our experience implementing Aftersight as part of the VMware virtual machine platform and using it to develop a real-time intrusion detection and prevention system, as well as an offline system for bug detection, which we used to detect numerous novel and serious bugs in VMware ESX Server, Linux, and Windows applications.

Authors

Peter M. Chen, Jim Chow, Tal Garfinkel
