Endpoint Configuration Compliance Monitoring via Virtual Machine Introspection

We describe a system for externally monitoring endpoint configuration compliance of an end user system that provides a high assurance monitoring function and data. Typical approaches to monitoring for endpoint configuration compliance rely on the integrity of the endpoint's operating system and...

Bibliographic Details
Main Authors: Kienzle, D., Persaud, R., Elder, M.
Format: Conference Proceeding
Language: English
container_end_page 10
container_start_page 1
creator Kienzle, D.
Persaud, R.
Elder, M.
description We describe a system for externally monitoring endpoint configuration compliance of an end user system that provides a high assurance monitoring function and data. Typical approaches to monitoring for endpoint configuration compliance rely on the integrity of the endpoint's operating system and do not protect the monitoring function from subversion or spoofing by threats from within the monitored system. Our approach utilizes (1) a virtual machine architecture on the endpoint system to protect the monitoring function and (2) virtual machine introspection of the end user's environment. In this paper we describe our approach to external monitoring of endpoint configuration compliance, present the technical details of our monitoring system, provide a description of some experimentation and observations, and discuss some of the issues associated with external monitoring.
doi_str_mv 10.1109/HICSS.2010.182
format conference_proceeding
identifier ISSN: 1530-1605
ispartof 2010 43rd Hawaii International Conference on System Sciences, 2010, p.1-10
issn 1530-1605
2572-6862
language eng
recordid cdi_ieee_primary_5428670
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Application software
Computer architecture
Condition monitoring
Hardware
Information security
Operating systems
Platform virtualization
Protection
Virtual machine monitors
Virtual machining
title Endpoint Configuration Compliance Monitoring via Virtual Machine Introspection