Current orchestration and choreography process engines only serve with dedicate process languages.To solve these problems,an Event-driven Process Execution Model(EPEM) was developed.Formalization and mapping principle...Current orchestration and choreography process engines only serve with dedicate process languages.To solve these problems,an Event-driven Process Execution Model(EPEM) was developed.Formalization and mapping principles of the model were presented to guarantee the correctness and efficiency for process transformation.As a case study,the EPEM descriptions of Web Services Business Process Execution Language(WS-BPEL) were represented and a Process Virtual Machine(PVM)-OncePVM was implemented in compliance with the EPEM.展开更多
Malicious software programs usually bypass the detection of anti-virus software by hiding themselves among apparently legitimate programs.In this work,we propose Windows Virtual Machine Introspection(WVMI)to accurat...Malicious software programs usually bypass the detection of anti-virus software by hiding themselves among apparently legitimate programs.In this work,we propose Windows Virtual Machine Introspection(WVMI)to accurately detect those hidden processes by analyzing memory data.WVMI dumps in-memory data of the target Windows operating systems from hypervisor and retrieves EPROCESS structures’address of process linked list first,and then generates Data Type Confidence Table(DTCT).Next,it traverses the memory and identifies the similarities between the nodes in process linked list and the corresponding segments in the memory by utilizing DTCT.Finally,it locates the segments of Windows’EPROCESS and identifies the hidden processes by further comparison.Through extensive experiments,our experiment shows that the WVMI detects the hidden process with high identification rate,and it is independent of different versions of Windows operating system.展开更多
文摘Current orchestration and choreography process engines only serve with dedicate process languages.To solve these problems,an Event-driven Process Execution Model(EPEM) was developed.Formalization and mapping principles of the model were presented to guarantee the correctness and efficiency for process transformation.As a case study,the EPEM descriptions of Web Services Business Process Execution Language(WS-BPEL) were represented and a Process Virtual Machine(PVM)-OncePVM was implemented in compliance with the EPEM.
基金Supported by the National Natural Science Foundation of China(61170026)
文摘Malicious software programs usually bypass the detection of anti-virus software by hiding themselves among apparently legitimate programs.In this work,we propose Windows Virtual Machine Introspection(WVMI)to accurately detect those hidden processes by analyzing memory data.WVMI dumps in-memory data of the target Windows operating systems from hypervisor and retrieves EPROCESS structures’address of process linked list first,and then generates Data Type Confidence Table(DTCT).Next,it traverses the memory and identifies the similarities between the nodes in process linked list and the corresponding segments in the memory by utilizing DTCT.Finally,it locates the segments of Windows’EPROCESS and identifies the hidden processes by further comparison.Through extensive experiments,our experiment shows that the WVMI detects the hidden process with high identification rate,and it is independent of different versions of Windows operating system.
