
Java中的XML编程.PPT (XML Programming in Java)

Published: 2018-08-25, approx. 6.68 thousand words, 31 pages
Questions?

Ether: Malware Analysis via Hardware Virtualization Extensions
Authors: Artem Dinaburg, Paul Royal, Monirul Sharif, Wenke Lee
Presenter: Yi Yang

Agenda
● Motivation
● Transparency Requirements
● Ether Framework
● Experiments and Evaluation
● Conclusion

Motivation
Malware Definition: short for malicious software, is software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
Malware Categories: computer viruses, worms, trojan horses, rootkits, spyware, adware, rogue security software, and other malicious programs.
Malware Problem: Malware has become the centerpiece of most security threats on the Internet

Malware Analysis
There is a profound need to understand malware behavior:
- Forensics and Asset Remediation
- Threat Analysis
Malware authors make analysis very challenging
Direct financial motivation
Focal point of malware analysis: how to detect versus how to hide a malware analyzer from malware during runtime

Two Types of Malware Analysis
Static Analysis
- What a program would do
- Complete view of program behavior
- Requires accurate disassembly of x86 machine code
- Often impossible to do in practice
Dynamic Analysis
- Shows what a program actually did when executed
- Only gives a partial view of program behavior
Question: How do you hide your analyzer?

The Malware Uncertainty Principle
An important practical problem
- Observer affecting the observed environment
- Robust and detailed analyzers are typically invasive
Malware will refuse to run

Solving Malware Uncertainty Principle
An analyzer’s aim should be transparent.
- Defining transparency
The execution of the malware and the malware analyzer is governed by the principle of non-interference.

Transparency Requirements
Higher Privilege
No non-privileged side effects
Same i