TY - JOUR
T1 - A virtualization-based approach for application whitelisting
AU - Tian, Donghai
AU - Xue, Jingfeng
AU - Hu, Changzhen
AU - Li, Xuanya
PY - 2014/6
Y1 - 2014/6
N2 - A whitelisting approach is a promising solution to prevent unwanted processes (e.g., malware) from being executed. However, previous solutions suffer from limitations in that: 1) Most methods place the whitelist information in the kernel space, which could be tampered with by attackers; 2) Most methods cannot prevent the execution of kernel processes. In this paper, we present VAW, a novel application whitelisting system by using the virtualization technology. Our system is able to block the execution of unauthorized user and kernel processes. Compared with the previous solutions, our approach can achieve stronger security guarantees. The experiments show that VAW can deny the execution of unwanted processes effectively with a little performance overhead.
AB - A whitelisting approach is a promising solution to prevent unwanted processes (e.g., malware) from being executed. However, previous solutions suffer from limitations in that: 1) Most methods place the whitelist information in the kernel space, which could be tampered with by attackers; 2) Most methods cannot prevent the execution of kernel processes. In this paper, we present VAW, a novel application whitelisting system by using the virtualization technology. Our system is able to block the execution of unauthorized user and kernel processes. Compared with the previous solutions, our approach can achieve stronger security guarantees. The experiments show that VAW can deny the execution of unwanted processes effectively with a little performance overhead.
KW - Virtualization technology
KW - Whitelisting
UR - http://www.scopus.com/inward/record.url?scp=84901758672&partnerID=8YFLogxK
U2 - 10.1587/transinf.E97.D.1648
DO - 10.1587/transinf.E97.D.1648
M3 - Article
AN - SCOPUS:84901758672
SN - 0916-8532
VL - E97-D
SP - 1648
EP - 1651
JO - IEICE Transactions on Information and Systems
JF - IEICE Transactions on Information and Systems
IS - 6
ER -