User:Superymk

From Trusted Cloud Group

Miao Yu (于淼), Master

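Graduation Thesis

  • Title: Vis: A Hardware-Virtualization-Based Live Forensics Tool for Native Systems
  • Abstract:

Live forensics is becoming an important part of modern digital forensics. It plays a crucial role in acquiring evidence of computer crime, especially evidence that exists only in memory. However, existing projects and research work either cannot accurately acquire the native system's memory contents at a specified point in time, or severely disrupt the native system's execution environment.

We use virtualization technology to solve this problem. In recent years, CPU vendors have provided more and more hardware support for virtualization, laying a solid foundation for its development. This is mainly reflected in hardware virtualization, which reimplements in hardware the extra memory translation and I/O forwarding that software virtualization previously required. Performing the extra address translation in hardware greatly increases the running speed of virtual machines. This reduces administrators' equipment overhead and maintenance costs; at the same time, the hardware-supported isolation between virtual machines lets multiple subsystems run in parallel and independently without interfering with one another, and also ensures the stability, reliability and security of each subsystem. In addition, because hardware virtualization requires no awareness on the part of the guest operating system, an ordinary commodity operating system such as Windows XP or Linux can run on the chip at the same time, providing a friendly human-machine interface.

We used a series of experiments to verify the effectiveness of Vis in acquiring accurate native system memory contents. In addition, in testing, Vis completed the entire task of acquiring memory contents at run time within 97.09 to 105.86 seconds, which shows that Vis can be used in practical live forensics tasks. By comparison, other live forensics tools adopt remote acquisition to ensure the integrity of the acquired native system memory contents, which usually takes hours or even days to complete one forensic process. On average, Vis introduces only 9.62% performance overhead on the target system, showing that Vis can effectively improve the accuracy of live forensics work without a significant performance impact.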

Research

My goal is to crack real-world problems, so I have a broad interest in the systems area. Specifically, I am mainly interested in virtualization, trust computing, network and operating systems. Using the virtualization technique, I have developed several prototypes to solve the security and QoS problems found in traditional systems.

Publications

Books

2011

  • Miao Yu, Zhengwei Qi
NewBluePill:深入理解硬件虚拟机 (NewBluePill: Hardware Virtual Machine Under the Hood)
Tsinghua Press, 2011

Journals

2012

  • Miao Yu, Zhengwei Qi, Qian Lin, Xianming Zhong, Bingyu Li, Haibing Guan
Vis: Virtualization Enhanced Live Forensics Acquisition for Native System
Digital Investigations, 2012 (To Appear)
  • Zhengwei Qi, Bingyu Li, Qian Lin, Miao Yu, Mingyuan Xia and Haibing Guan
SPAD: Software Protection through Anti-debugging Using Hardware-assisted Virtualization
JISE Special Issues, 2012 (Full Paper)

Conferences

2012

  • Junqing Wang, Miao Yu, Bingyu Li, Zhengwei Qi and Haibing Guan
Hypervisor-based Protection of Sensitive Files in a Compromised System
ACM Symposium on Applied Computing - SAC, 2012, Italy (To appear)

2011

  • Miao Yu, Qian Lin, Bingyu Li, Zhengwei Qi and Haibing Guan
Vis: Virtualization Enhanced Live Acquisition for Native System
The 2nd ACM SIGOPS Asia-Pacific Workshop on Systems (APSys 2011), Shanghai, China, July 11-12 2011. (Full Paper, Presentation)
  • Min Zhu, Miao Yu, Mingyuan Xia, Bingyu Li, Peijie Yu, Shang Gao and Zhengwei Qi, Liang Liu, Ying Chen and Haibing Guan
VASP: Virtualization assisted Security Monitor for Cross-Platform Protection
ACM Symposium on Applied Computing - SAC, 21 - 25 March 2011, TaiChung (Full Paper)
  • Qian Lin, Mingyuan Xia, Miao Yu, Peijie Yu, Min Zhu, Shang Gao, Zhengwei Qi and Haibing Guan
SPAD: Software Protection through Anti-debugging Using Hardware Virtualization
ACM Symposium on Applied Computing - SAC, 21 - 25 March 2011, TaiChung (Poster Paper) (Full Paper)

2010

  • Mingyuan Xia, Miao Yu, Qian Lin, Zhengwei Qi, and Haibing Guan
Enhanced privilege separation for commodity software on virtualized platform
International Conference on Parallel and Distributed Systems (ICPADS), Shanghai, China, Dec 8-10 2010. (Full Paper)
  • Shang Gao, Qian Lin, Mingyuan Xia, Miao Yu, Zhengwei Qi, and Haibing Guan
Debugging Classification and Anti-Debugging Strategies
Proceedings of the 2010 International Conference on Software and Computing Technology (ICSCT), Kunming, China, October 2010. (Full Paper)

2009

  • Miao Yu, Peijie Yu, Shang Gao, Qian Lin, Min Zhu, Zhengwei Qi.
HBSP: A Lightweight Hardware Virtualization Based Framework for Transparent Software Protection in Commodity Operating Systems.
FCST 2009 IWSEE 2009, Dec 17-19, 2009. (Full Paper)
  • Tengfei Yi, Aijun Zong, Miao Yu, Shang Gao, Qian Lin, Peijie Yu, Zhong Ren, Zhengwei Qi.
Anti-debugging Framework Based on Hardware Virtualization Technology.
ICRCCS 2009, Dec 28-29, 2009. (Full Paper)

Technical Reports and Other Publications

2010

  • Miao Yu, Mingyuan Xia, Qian Lin, Peijie Yu, Min Zhu, Shang Gao, Zhengwei Qi, Xue Liu, Haibing Guan.
SPAD: Software Protection through Anti-debugging Based on Hardware-assisted Virtualization.
XCON 2010, Aug 4-7, 2010. (Full Paper)
  • Mingyuan Xia, Miao Yu, Zhengwei Qi, and Haibing Guan.
Joan: Shepherd Application Privacy with Virtualized Special Purpose Memory.
Poster for 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI poster), Vancouver, Canada, October 4-6 2010. (Poster)

2009

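  • Miao Yu, Peijie Yu, Shang Gao, Qian Lin, Min Zhu, Zhengwei Qi, Haibing Guan.
HBSP: A Transparent Hardware-Virtualization-Based Protection Framework for Commodity Operating Systems (HBSP:商用操作系统硬件虚拟化透明保护框架).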
CNCC2009, Oct 23-24, 2009. (Full Paper)

Projects

Past Projects

  • Joan: A virtualization-based application protection system. Our system protects the integrity and privacy of security-critical portions of the application without losing the programming flexibility of the trusted code.
  • SPAD: A lightweight anti-debugger module built into a special-purpose hypervisor.
  • Vis: An accurate memory dump tool for native machine without suspending the target OS.

Current Project

  • TrustDroid: Tolerates the privacy leak problem on smartphones.
  • XenVGAShare: Improves the QoS for cloud-gaming platforms.

Related Pages

Technique

Xen

Xen Tutorial
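How to develop Xen
About Xen EPT
About Xen 4.0
About Xen guest interrupts
About using the AES encryption library in Xen
About how to reserve memory in the Xen hypervisor
About installing and using Xen 4.2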

PCM

A preliminary study of PCM

Mobile - Android System

Capturing TCP packets locally on the Defy ME525 phone
How to flash the Android system on the Defy ME525
GPS cannot get a signal on the Defy ME525

Linux How To

Configure VNCServer in Linux:[1]
Configure Professional FTP daemon (proftpd)
How to compile Bochs 2.4.5 on Fedora 12
Build Xorg and Mesa3D
How to configure SPAD

Hadoop

How to config Hadoop and Hive
How to build Hadoop on Windows

Others

Silvery Expression (Long Term Support)
Thoughts on the CNCC conference
Postscript on submitting to CCS 2010
Revision history of the Vis paper
