Scalable Cloud Security via Asynchronous Virtual Machine Introspection
نویسندگان
چکیده
Software will always be vulnerable to attacks. Although techniques exist that could prevent or limit the risk of exploits, performance overhead blocks their adoption. Services deployed into the cloud are typically customer facing, leaving them even more exposed to attacks from malicious users. However, the use of virtual machines, and the economy of scale found in cloud platforms, provides an opportunity to offer strong security guarantees to tenants at low cost to the cloud provider. We present ScaaS, a security Scanning as a Service framework for cloud platforms that uses frequent virtual machine checkpointing coupled with memory introspection techniques to detect bugs and malicious behavior in real time. By buffering VM outputs (i.e., outgoing network packets and disk writes) until a scan has been completed, ScaaS gives strong guarantees about the amount of damage an attack can do, while minimizing overheads.
منابع مشابه
Leveraging Virtual Machine Introspection for Hot-Hardening of Arbitrary Cloud-User Applications
Correctly applying security settings of various different applications is a time-consuming and in some cases a very difficult task. Moreover, with explosion in cloud computing popularity, cloud users are able to download and run pre-packaged virtual appliances. Many users may assume that these come with correct security settings and never bother to check or update these settings. In this paper ...
متن کاملPouring Cloud Virtualization Security Inside Out
In this article, virtualization security concerns in the cloud computing domain are reviewed. The focus is toward virtual machine (VM) security where attacks and vulnerabilities such as VM escape, VM hopping, cross-VM side-channel, VM-based rootkits (VMBRs), VM mobility, and VM remote are mentioned and discussed according to their relevance in the clouds. For each attack we outline how they aff...
متن کاملHypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring
Security requirements in the cloud have led to the development of new monitoring techniques that can be broadly categorized as virtual machine introspection (VMI) techniques. VMI monitoring aims to provide high-fidelity monitoring while keeping the monitor secure by leveraging the isolation provided by virtualization. This work shows that not all hypervisor activity is hidden from the guest vir...
متن کاملAtomizer: Fast, Scalable and Lightweight Heap Analyzer for Virtual Machines in a Cloud Environment
In recent years process heap-based attacks have increased significantly. These attacks exploit the system under attack via the heap, typically by using a heap spraying attack. A large number of malicious files and URLs offering dangerous contents are potentially encountered every day, both by client-side and server-side applications. Static and dynamic methods have been proposed to detect heap-...
متن کاملAnalysis and Detection of Heap-based Malwares Using Introspection in a Virtualized Environment
Malware detection and analysis is a major part of computer security. There is an arm race between security experts and malware developers to develop various techniques to secure computer systems and to nd ways to circumvent these security methods. In recent years process heap-based attacks have increased signi cantly. These attacks exploit the system under attack via the heap, typically by usin...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2016