Anh-Quynh Nguyen

This paper presents Xenprobes, a lightweight framework to probe the guest kernels of Xen Virtual Machine. Xenprobes is useful for various purposes such as monitoring real-time status of production systems, analyzing performance bottlenecks, logging specific events or tracing problems of Xen-based guest kernel. Compared to other kernel probe solutions,
Postprint: This is the accepted version of a paper presented at 5th USENIX Workshop on Hot Topics in Security (HotSec 2010). Moving from logical sharing of guest OS to physical sharing of deduplication on virtual machine. Abstract: Current OSes include many logical sharing techniques (shared library, symbolic link, etc.) on memory and storage. Unfortunately
For decades, researchers have pointed out that Mandatory Access Control (MAC) is an effective method to protect computer systems from being misused. Unfortunately, MAC is still not widely deployed because of its complexity. The problem is even worse in a virtual machine environment, because the current architecture is not designed to support MAC in a
OS Circular is a framework for Internet Disk Image Distribution of software for virtual machines, those which offer a "virtualized" common PC environment on any PC. OS images are obtained via the stackable virtual disk "Trusted HTTP-FUSE CLOOP". The system is designed to utilize Mirror servers and Proxies for highly-scalable worldwide deployment. OS
File-system integrity tools (FIT) are commonly deployed to assist forensic investigation after security incidents and as host-based intrusion detection (HIDS) tools to detect unauthorized file-system changes. Basically all the current solutions employ the same tactic: the administrator specifies a list of critical files and directories that need to be
File-system integrity tools (FIT) are commonly deployed host-based intrusion detection (HIDS) tools to detect unauthorized file-system changes. While FIT are widely used, this kind of HIDS has many drawbacks: the intrusion detection is not done in a real-time manner, which might render the whole scheme useless if the attacker can somehow take over the system