Automatically Bridging the Semantic Gap in Virtual Machine Introspection

Description:

This invention encompasses a set of techniques that automatically bridge the semantic gap in virtual machine introspection, allowing a trusted machine to inspect other machines (physical or virtual) safely, quickly, and reliably.

 

Background:

In cloud computing, a secure (“trusted”) virtual machine is often used to monitor (“introspect”) the activity of other virtual machines, because the trusted machine can be isolated from the Internet and is therefore difficult for hackers to compromise. This technique, Virtual Machine Introspection (VMI), is one of the foundations of cloud computing. A problem with this approach, however, is the difficulty of interpreting the low-level bits and bytes available from the memory of the machine being scanned at the high level at which humans and anti-virus software operate. This is known as the “semantic gap.”

 

Bridging this semantic gap currently requires manual reverse engineering and construction of introspection routines. This approach is tedious, time-consuming, and error-prone.

 

Potential Benefits:

· Transparent to end users, native application developers, and the operating system (e.g., it does not require that anti-virus providers modify their code to do introspection)

· Automatic – fast, error-free, no labor costs

· More secure than current methods

· More reliable than current methods

· Not impacted by updates to programs, etc. on the machine being scanned

 

Potential Applications:

· Management of virtual machines in cloud computing (by cloud provider)

· Intrusion detection (by end user or enterprise)

· Anti-virus protection (by end user or enterprise)

· Virtual Machine Introspection/Management (by cloud provider)

· Forensic analysis of machine memory (in cybercrime and other investigations, by law enforcement)

 

IP Status:

United States patent 9,529,614 issued on December 27th, 2016.

 

Inventors:

 

Zhiqiang Lin

 

Additional Materials: Published article entitled “Space Traveling across VM: Automatically Bridging the Semantic Gap in Virtual Machine Introspection via Online Kernel Data Redirection”

  

ID Number: MP-12-014

 

Licensing Opportunity: This technology is available for exclusive or non-exclusive licensing.

 

Contact: otc@utdallas.edu

Patent Information:

Category(s): Diagnostics, Cybersecurity

For Information, Contact: OTC Licensing, The University of Texas at Dallas, otc@utdallas.edu