This is Suzaki from AIST.
Since this relates to Xen, I am also announcing it on this mailing list.
Nguyen Anh Quynh of AIST will speak about eKimono at the FSIJ September monthly meeting.
Registration is required to attend.
http://www.fsij.org/monthly-meetings/2009/Sep
------------------------------------------------------------------
Topic: eKimono: A Malware Scanner for Virtual Machines
Date and time: Monday, 28 September 2009, 18:30 - 20:30
Venue: Akihabara Dai Building 1101, 1-18-13 Sotokanda, Chiyoda-ku, Tokyo
: National Institute of Advanced Industrial Science and Technology (AIST), Akihabara Site
11th floor, room: Large Conference Room 1
We will hear from Nguyen Anh Quynh about eKimono. eKimono is a malware
scanner that operates on Virtual Machines.
Speaker: Nguyen Anh Quynh (AIST)
Abstract
This talk presents eKimono, a new malware scanner for Virtual Machines
(VMs). By putting eKimono outside of the protected VM, we can fix, or
in other cases raise the bar against, the most significant flaws in
legacy anti-malware solutions. Advantages offered by our scanner include,
but are not limited to, the following: firstly, eKimono is tamper-resistant
against malware inside the VM, even if the malware compromises the VM's
kernel. Secondly, it is harder to fool, because eKimono does not
rely on the services provided by the VM. Last, but not least, our scanner
is invisible from the VM, so malware inside never knows that it is
being monitored.
The architecture and implementation of eKimono will be discussed at
length. We will show how our scanner easily supports hypervisors like
Xen, KVM and QEMU out of the box. The talk will also demonstrate that
it is trivial to support other types of VM, such as VMWare, thanks to
its extremely flexible design.
Technically, eKimono is the top component of a multiple-framework
architecture. The talk analyses all the layers and explains how we
solved the challenges in designing and implementing eKimono. The extended
application of the lower layers is also examined to show that our
frameworks are not just useful for eKimono, but can also be the base
for creating many new tools for VMs, such as live memory forensics and VM
administration.
To conclude, this presentation entertains the audience with some live
demos of detecting several popular kernel and user-space rootkits in a
Windows VM.
---------------------------------------------------------------------
Quynh has also presented at the following security conferences.
SysCan'09 Singapore 2-3/Jul (Singapore)
Outspect: Live Memory Forensic and Incident Response for Virtual Machine
http://www.syscan.org/Sg/singaporeconference.html
Xcon 2009 18-19/Aug (China)
Detecting rootkits inside Virtual Machine
http://xcon.xfocus.org/speakers.html
FrHack 2009 7-8/Sep (France)
Memory forensic and incident response for live virtual machine (VM)
http://www.frhack.org/frhack-conference.php#virtual-machine-memory-forensic
HITBSecConf 2009 06-09/Oct (Malaysia)
eKimono: A Malware Scanner for Virtual Machines
http://conference.hackinthebox.org/hitbsecconf2009kl/
DeepSec 2009 17-20/Nov (Austria)
eKimono: detecting rootkits inside Virtual Machine
https://deepsec.net/schedule/
------
suzaki
_______________________________________________
Xen-japanese mailing list
Xen-japanese@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-japanese