Source: Evil Octal Information Security Team (www.eviloctal.com)
The growing popularity of virtualization has led companies to embrace virtual machines to host web services. A virtualized environment faces the same security problems as a machine running a standalone operating system. The virtualized environment, however, provides a stronger security model, and its isolation and interposition properties make automated monitoring and healing a tractable problem. In this paper we look at rootkit attacks, which hide a compromised system from detection. This type of attack is very hard to detect and recover from because it directly interferes with system integrity. Leveraging virtual machine technology, we propose a novel solution to detect and contain the effects of a rootkit attack in virtual machines running commodity operating systems. We have developed a prototype for a Linux virtual machine using VMware Workstation to illustrate the concept. We also propose an extension to the design that performs automated fingerprinting of attacks by tracking simple changes to the filesystem.
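As an added example (not code from the paper or its prototype), the following sketches the kind of filesystem change tracking the proposed extension describes: a baseline snapshot of file mode, size and content hash, a diff against a later snapshot, and a fingerprint derived from the set of changed paths so that recurring attacks can be recognised by the files they touch. The directory layout, file names and the simulated post-compromise changes are constructed for the demonstration, and the names `snapshot`, `diff_snapshots`, `fingerprint` and `demo` are hypothetical. In the setting the abstract describes, the scan root would be the guest filesystem exposed to the host (for instance a mounted guest disk image), so that the rootkit inside the guest cannot interpose on the checker; running the same checker inside the guest would give the rootkit the chance to lie about the files.

```python
"""Filesystem change tracking and attack fingerprinting (constructed example)."""
import hashlib
import os
import stat
import tempfile
from typing import Dict, List, Tuple

# One record per regular file: (permission bits, size, sha256 of contents).
Record = Tuple[int, int, str]


def snapshot(root: str) -> Dict[str, Record]:
    """Walk `root` and record mode, size and a content hash for every regular
    file, keyed by path relative to `root`. Symlinks are not followed, so a
    link planted to redirect a binary shows up as a new entry rather than
    silently hashing the target."""
    result: Dict[str, Record] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic order, independent of the filesystem
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue
            h = hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root)
            result[rel] = (stat.S_IMODE(st.st_mode), st.st_size, h.hexdigest())
    return result


def diff_snapshots(before: Dict[str, Record], after: Dict[str, Record]) -> Dict[str, List[str]]:
    """Classify every path as added, removed or modified. A file counts as
    modified if any of mode, size or content hash differs, so a same-size
    replacement binary is still caught."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def fingerprint(changes: Dict[str, List[str]]) -> str:
    """Collapse a change set into a stable identifier: hash of the sorted
    (kind, path) pairs. Two compromises that touch the same paths in the same
    way yield the same fingerprint even if the dropped file contents differ."""
    h = hashlib.sha256()
    for kind in ("added", "removed", "modified"):
        for path in changes[kind]:
            h.update(f"{kind}:{path}\n".encode())
    return h.hexdigest()[:16]


def demo() -> Dict[str, object]:
    """Constructed scenario: a tiny fake guest tree, then the sort of changes a
    rootkit installation leaves behind (a replaced binary, a new library, an
    edited account file, a deleted tool). Returns the change set and its fingerprint."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel: str, data: bytes, mode: int = 0o755) -> None:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
            os.chmod(full, mode)

        # Baseline: the clean guest image (constructed content).
        write("bin/ls", b"original ls")
        write("bin/ps", b"original ps")
        write("etc/passwd", b"root:x:0:0::/root:/bin/sh\n", 0o644)
        baseline = snapshot(root)

        # Simulated compromise (constructed, not a real rootkit):
        write("bin/ps", b"trojaned ps")            # same size as the original, only the hash changes
        write("lib/libhide.so", b"injected lib")   # new file
        write("etc/passwd", b"root:x:0:0::/root:/bin/sh\nbackdoor:x:0:0::/:/bin/sh\n", 0o644)
        os.remove(os.path.join(root, "bin/ls"))    # tool removed
        after = snapshot(root)

    changes: Dict[str, object] = dict(diff_snapshots(baseline, after))
    changes["fingerprint"] = fingerprint(diff_snapshots(baseline, after))
    return changes


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `bin/ps` replacement is deliberately the same length as the original: a checker that compared only size and mtime would miss it, which is why the snapshot keys on a content hash. The fingerprint is intentionally content-blind, so that a rootkit family whose installer always drops and replaces the same set of paths produces one identifier across many victims.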