Non-intrusive Virtual Machine Analysis and Reverse Debugging with SWAT

Title: Non-intrusive Virtual Machine Analysis and Reverse Debugging with SWAT
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Dovgalyuk, Pavel; Vasiliev, Ivan; Fursova, Natalia; Dmitriev, Denis; Abakumov, Mikhail; Makarov, Vladimir
Conference Name: 2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)
Date Published: Dec. 2020
ISBN Number: 978-1-7281-8913-0
Keywords: composability, cryptography, Cyber physical system, Debugging, dynamic analysis, graphical user interfaces, Instruments, introspection, pubcrawl, QEMU, resilience, Resiliency, security, software development management, Software instrumentation, software quality, software reliability, SWAT, virtual machine, virtual machine security, Virtual machining
Abstract: This paper presents SWAT, the System-Wide Analysis Toolkit. It is based on open source emulation and debugging projects and implements approaches for non-intrusive system-wide analysis and debugging: lightweight OS-agnostic virtual machine introspection, full system execution replay, non-intrusive debugging with WinDbg, and full system reverse debugging. These features are based on novel non-intrusive introspection and reverse debugging methods. They are useful for stealth debugging and analysis of platforms with custom kernels. SWAT includes the multi-platform emulator QEMU with additional instrumentation and debugging features, a GUI for convenient QEMU setup and execution, a QEMU plugin for non-intrusive introspection, and a modified version of GDB. Our toolkit may be useful for developers of virtual platforms, emulators, and firmware/drivers/operating systems. The virtual machine introspection approach does not require loading any guest agents or the source code of the OS. Therefore it may be applied to ROM-based guest systems and enables the use of record/replay of the system execution. This paper includes a description of SWAT components, analysis methods, and some SWAT use cases.
Citation Key: dovgalyuk_non-intrusive_2020