Sciweavers

OSDI
2002
ACM

ReVirt: Enabling Intrusion Analysis Through Virtual-Machine Logging and Replay

14 years 11 months ago
ReVirt: Enabling Intrusion Analysis Through Virtual-Machine Logging and Replay
Current system loggers have two problems: they depend on the integrity of the operating system being logged, and they do not save sufficient information to replay and analyze attacks that include any non-deterministic events. ReVirt removes the dependency on the target operating system by moving it into a virtual machine and logging below the virtual machine. This allows ReVirt to replay the system's execution before, during, and after an intruder compromises the system, even if the intruder replaces the target operating system. ReVirt logs enough information to replay a long-term execution of the virtual machine instruction-by-instruction. This enables it to provide arbitrarily detailed observations about what transpired on the system, even in the presence of non-deterministic attacks and executions. ReVirt adds reasonable time and space overhead. Overheads due to virtualization are imperceptible for interactive use and CPU-bound workloads, and 13-58% for kernel-intensive worklo...
George W. Dunlap, Samuel T. King, Sukru Cinar, Mur
Added 03 Dec 2009
Updated 03 Dec 2009
Type Conference
Year 2002
Where OSDI
Authors George W. Dunlap, Samuel T. King, Sukru Cinar, Murtaza A. Basrai, Peter M. Chen
Comments (0)