Non‐intrusive object introspection in C++

We describe the design and implementation of system architecture to support object introspection in C++. In this system, information is collected by parsing class declarations, and is used to build a supporting environment for object introspection. Our approach is non‐intrusive because it requires no changes in the original class declarations and libraries; hence, binary compatibility between objects before and after the addition of introspective capability is ensured. This is critical if one wants to integrate third‐party class libraries, which are often supplied as black boxes and allow no modification, into highly dynamic applications. We present two applications: the first is automatic I/O support for C++ objects, and the other is interactive exercise of dynamically loaded C++ class libraries. Copyright © 2001 John Wiley & Sons, Ltd.     

Metacognition in computation: A selected research review

Various disciplines have examined the many phenomena of metacognition and have produced numerous results, both positive and negative. I discuss some of these aspects of cognition about cognition and the results concerning them from the point of view of the psychologist and the computer scientist, and I attempt to place them in the context of computational theories. I examine metacognition with respect to both problem solving (e.g., planning) and to comprehension (e.g., story understanding) processes of cognition.     

基于虚拟化的安全监控

近年来,虚拟化技术成为计算机系统结构的发展趋势,并为安全监控提供了一种解决思路.由于虚拟机管理器具有更高的权限和更小的可信计算基,利用虚拟机管理器在单独的虚拟机中部署安全工具能够对目标虚拟机进行检测.这种方法能够保证监控工具的有效性和防攻击性.从技术实现的角度来看,现有的研究工作可以分为内部监控和外部监控.根据不同的监控目的,详细地介绍了基于虚拟化安全监控的相关工作,例如入侵检测、蜜罐、文件完整性监控、恶意代码检测与分析、安全监控架构和安全监控通用性.最后总结了现有研究工作的不足,并指出了未来的研究方向.这对于从事虚拟化研究和安全监控研究都具有重要意义.     

一种基于硬件辅助虚拟化的软件行为分析器的设计与实现

基于虚拟化技术的软件行为分析是近年来出现的分析软件的方法。文本提出一种基于硬件辅助虚拟化技术的软件行为分析器——HVA。HVA是一个利用了安全虚拟机(SVM)、二级页表(NPT)和虚拟机自省等多种虚拟化技术完成的、专门针对软件行为分析的微型VMM。结果表明,HVA在软件行为分析方面表现良好。     

基于VMI的虚拟机远程证明方案

可信计算组织（TCG,trusted computing group）提出的虚拟机远程证明方案可以为云计算平台提供虚拟机完整性验证服务,而直接使用 TCG 提出的方案性能较低,并且会受到布谷鸟攻击的威胁。利用虚拟机自省技术（VMI,virtual machine introspection）设计了新的虚拟机远程证明方案。通过在虚拟机监视器（VMM,virtual machine monitor）中获取虚拟机远程验证证据的方法消除在虚拟机内执行布谷鸟攻击的路径,利用物理可信平台模块（TPM,trusted platform module）保证虚拟机远程验证证据的完整性,减少了身份证明密钥（AIK,attestation identity key）证书的产生数量,降低了私有证书颁发机构的负载。实验表明,方案可以有效验证虚拟机的完整性状态,在虚拟机数量较多的情况下,性能优于TCG提出的虚拟机远程证明方案。     

An Asset-Based Approach to Mitigate Zero-Day Ransomware Attacks

This article presents an asset-based security system where security practitioners build their systems based on information they own and not solicited by observing attackers’ behavior. Current security solutions rely on information coming from attackers. Examples are current monitoring and detection security solutions such as intrusion prevention/detection systems and firewalls. This article envisions creating an imbalance between attackers and defenders in favor of defenders. As such, we are proposing to flip the security game such that it will be led by defenders and not attackers. We are proposing a security system that does not observe the behavior of the attack. On the contrary, we draw, plan, and follow up our own protection strategy regardless of the attack behavior. The objective of our security system is to protect assets rather than protect against attacks. Virtual machine introspection is used to intercept, inspect, and analyze system calls. The system call-based approach is utilized to detect zero-day ransomware attacks. The core idea is to take advantage of Xen and DRAKVUF for system call interception, and leverage system calls to detect illegal operations towards identified critical assets. We utilize our vision by proposing an asset-based approach to mitigate zero-day ransomware attacks. The obtained results are promising and indicate that our prototype will achieve its goals.     

大学英语快速阅读教学初探——基于学生答题过程的内省法研究

采用"内省法"中的回顾法,分析某普通高校财会专业54名大一学生对其完成2014年12月大学英语四级考试长篇阅读理解部分答题过程的描述,了解学生在做快速阅读题过程中出现的问题,从而为大学英语快速阅读教学提供一定的启示与建议。