HProve: A Hypervisor Level Provenance System to Reconstruct Attack Story Caused by Kernel Malware

Wang, Chonghua and Yin, Libo and Li, Jun and Chen, Xuehong and Yin, Rongchao and Yun, Xiaochun and Jiao, Yang and Hao, Zhiyu (2019) HProve: A Hypervisor Level Provenance System to Reconstruct Attack Story Caused by Kernel Malware. EAI Endorsed Transactions on Security and Safety.


Abstract

Provenance of system subjects (e.g., processes) and objects (e.g., files) is very useful for many forensics tasks. In our analysis and comparison of existing Linux provenance tracing systems, we found that most systems assume the Linux kernel to be in the trust base, making these systems vulnerable

Item Type: Article
Date Deposited: 04 Mar 2026 11:50
Last Modified: 17 Apr 2026 14:44
URI: http://eprints.eai.eu/id/eprint/21175
