A software vulnerability analysis environment based on virtualization technology

Abstract

The accurate identification and effective analysis of software vulnerabilities depends on flexible and extensible analysis environment. However, current research work cannot provide highly available environment supporting for different types of vulnerabilities. Aiming at the problem, this paper proposes a novel method for constructing software vulnerability analysis environment based upon virtualization technique, defines the system level simulation model for vulnerability analysis, and describes the simulation model based vulnerability analysis method. Based upon the simulation model and analysis method, we have designed and implemented the Virtualization-based Vulnerability Analysis Environment (VirtualVAE), which can examine the operation behaviors of guest operation system and applications at hardware level, and analyze the operation process of sensitive data in the whole system. Therefore, it can accurately simulate a wide variety of system behaviors, and provide dynamic analysis capabilities for different types of vulnerabilities. The experimental results show that it provides a flexible environment for accurately identifying and analyzing the vulnerabilities of software systems.