Ether: Malware Analysis via Hardware Virtualization Extensions

By A. Dinaburg, P. Royal, M. Sharif and W. Lee

Proceedings of the 15th ACM Conference on Computer and Communications Security 2008 (CCS’08)

Ether is a malware analysis framework which leverages hardware virtualization extensions (specifically Intel VT) to remain transparent to malicious software. It supports both fine- (single instruction) and coarse- (system call) granularity tracing. (I’m curious what the performance penalty for the fine-grain tracing is. The authors only say that it’s “significant”.)

Both the GPL’ed source code for Ether and the paper are available for download at http://ether.gtisc.gatech.edu.

Like this:

Be the first to like this post.

This entry was posted on November 25, 2008 at 15:21 and is filed under Systems Security, Virtual Machines . You can follow any responses to this entry through the RSS 2.0 feed You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply Cancel reply

Enter your comment here...

Please log in using one of these methods to post your comment:

Email (Address never made public)

Name

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Papers I have read and you should too.