HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation

Semantic monitoring mechanisms dedicated to security monitoring in IaaS cloud

Yacine Hebbal 1, 2
2 ASCOLA - Aspect and Composition Languages
Inria Rennes – Bretagne Atlantique , LS2N - Laboratoire des Sciences du Numérique de Nantes
Abstract : Virtual Machine Introspection (VMI) consists inmonitoring VMs security from the hypervisor layer which offers thanks to its location a strong visibility on their activities in addition to a strong isolation from them. However, hypervisor view of VMs is just raw bits and bytes in addition to hardware states. The semantic difference between this raw view and the one needed for VM security monitoring presents a significant challenge for VMI called “the semantic gap”. In order to obtain semantic information about VM states and activities for monitoring their security from the hypervisor layer, we present in this thesis a set of techniques based on analysis and reuse of VM kernel binary code. These techniques enable to identify addresses and names of most VM kernel functions then instrument (call, intercept and analyze) them to automatically bridge the semantic gap regardless of challenges presented by compiler optimizations and kernel base address randomization.
Document type :
Complete list of metadata

Cited literature [114 references]  Display  Hide  Download

Contributor : Abes Star :  Contact
Submitted on : Tuesday, May 22, 2018 - 11:59:04 AM
Last modification on : Wednesday, April 27, 2022 - 3:51:05 AM
Long-term archiving on: : Monday, September 24, 2018 - 10:43:48 AM


Version validated by the jury (STAR)


  • HAL Id : tel-01797056, version 1


Yacine Hebbal. Semantic monitoring mechanisms dedicated to security monitoring in IaaS cloud. Computation and Language [cs.CL]. Ecole nationale supérieure Mines-Télécom Atlantique, 2017. English. ⟨NNT : 2017IMTA0029⟩. ⟨tel-01797056⟩



Record views


Files downloads