A Virtualization-Based Approach for Application Whitelisting

Donghai TIAN  Jingfeng XUE  Changzhen HU  Xuanya LI  

IEICE TRANSACTIONS on Information and Systems   Vol.E97-D   No.6   pp.1648-1651
Publication Date: 2014/06/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E97.D.1648
Type of Manuscript: LETTER
Category: Software System
whitelisting,  virtualization technology,  

Full Text: PDF(375.7KB)>>
Buy this Article

A whitelisting approach is a promising solution to prevent unwanted processes (e.g., malware) getting executed. However, previous solutions suffer from limitations in that: 1) Most methods place the whitelist information in the kernel space, which could be tempered by attackers; 2) Most methods cannot prevent the execution of kernel processes. In this paper, we present VAW, a novel application whitelisting system by using the virtualization technology. Our system is able to block the execution of unauthorized user and kernel processes. Compared with the previous solutions, our approach can achieve stronger security guarantees. The experiments show that VAW can deny the execution of unwanted processes effectively with a little performance overhead.