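% Technical report entry, one field per line.
% institution is the field classic techreport styles require; publisher is
% kept unchanged for tools that already read it.
% NOTE(review): the url host is not the publisher's own domain and the link
% uses plain http -- presumably a third-party mirror. Confirm the link against
% the publisher's site before citing or following it.
% NOTE(review): number carries a 2011 report id while year is 2007 -- confirm
% which date should be printed.
@techreport{lorch2007sav-v,
  author      = {Lorch, Jay and Parno, Bryan and Wang, Helen},
  title       = {{SAV-V}: Securing Anti-Virus with Virtualization},
  institution = {Microsoft Research},
  publisher   = {Microsoft Research},
  number      = {MSR-TR-2011-101},
  year        = {2007},
  month       = apr,
  url         = {http://approjects.co.za/?big=en-us/research/publication/sav-v-securing-anti-virus-with-virtualization/},
  abstract    = {Today's desktop PCs rely on security software such as anti-virus products and personal firewalls for protection. Unfortunately, malware authors have adapted by specifically targeting and disabling these defenses, a practice exacerbated by the rise in zero-day exploits. In this paper, we present the design, implementation, and evaluation of SAV-V, a platform that enhances the detection capabilities of anti-virus software. Our platform leverages virtualization to preserve the integrity of AV software and to guarantee access to AV updates. SAV-V also uses secure logging and a split file system to preserve the fidelity of input to the AV program. Combined with our technique of fake shutdowns, these measures allow SAV-V to eventually detect any zero-day malware that writes to disk. Benchmarks of our prototype system suggest that SAV-V can be implemented efficiently, and we validate our prototype by testing it against real-world malware.},
}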