
Endpoint Configuration Compliance Monitoring via Virtual Machine Introspection

Bibliographic Details
Main Authors: Kienzle, D., Persaud, R., Elder, M.
Format: Conference Proceeding
Language: English
Description
Summary: We describe a system for externally monitoring endpoint configuration compliance of an end user system that provides a high assurance monitoring function and data. Typical approaches to monitoring for endpoint configuration compliance rely on the integrity of the endpoint's operating system and do not protect the monitoring function from subversion or spoofing by threats from within the monitored system. Our approach utilizes (1) a virtual machine architecture on the endpoint system to protect the monitoring function and (2) virtual machine introspection of the end user's environment. In this paper we describe our approach to external monitoring of endpoint configuration compliance, present the technical details of our monitoring system, provide a description of some experimentation and observations, and discuss some of the issues associated with external monitoring.
ISSN: 1530-1605, 2572-6862
DOI: 10.1109/HICSS.2010.182