A whitelisting approach is a promising solution for preventing unwanted processes (e.g., malware) from being executed. However, previous solutions suffer from two limitations: 1) most methods place the whitelist information in kernel space, where it could be tampered with by attackers; 2) most methods cannot prevent the execution of kernel processes. In this paper, we present VAW, a novel application whitelisting system that uses virtualization technology. Our system is able to block the execution of unauthorized user and kernel processes. Compared with previous solutions, our approach can achieve stronger security guarantees. The experiments show that VAW can deny the execution of unwanted processes effectively with little performance overhead.
Donghai TIAN
Beijing Institute of Technology, Chinese Academy of Sciences
Jingfeng XUE
Beijing Institute of Technology
Changzhen HU
Beijing Institute of Technology
Xuanya LI
Institute of Information Engineering, Chinese Academy of Sciences
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Donghai TIAN, Jingfeng XUE, Changzhen HU, Xuanya LI, "A Virtualization-Based Approach for Application Whitelisting" in IEICE TRANSACTIONS on Information, vol. E97-D, no. 6, pp. 1648-1651, June 2014, doi: 10.1587/transinf.E97.D.1648.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.E97.D.1648/_p
@ARTICLE{e97-d_6_1648,
author={Donghai TIAN and Jingfeng XUE and Changzhen HU and Xuanya LI},
journal={IEICE TRANSACTIONS on Information},
title={A Virtualization-Based Approach for Application Whitelisting},
year={2014},
volume={E97-D},
number={6},
pages={1648-1651},
keywords={},
doi={10.1587/transinf.E97.D.1648},
ISSN={1745-1361},
month={June},}
TY - JOUR
TI - A Virtualization-Based Approach for Application Whitelisting
T2 - IEICE TRANSACTIONS on Information
SP - 1648
EP - 1651
AU - Donghai TIAN
AU - Jingfeng XUE
AU - Changzhen HU
AU - Xuanya LI
PY - 2014
DO - 10.1587/transinf.E97.D.1648
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E97-D
IS - 6
JA - IEICE TRANSACTIONS on Information
Y1 - June 2014
ER -