CloudSec: A security monitoring appliance for Virtual Machines in the IaaS cloud model

journal contribution
posted on 2024-07-09, 14:21 authored by Amani S. Ibrahim, James Hamlyn-Harris, John Grundy, Mohamed Abdelrazek
The Infrastructure-as-a-Service (IaaS) cloud computing model has become a compelling computing solution with a proven ability to reduce costs and improve resource efficiency. Virtualization has a key role in supporting the IaaS model. However, virtualization also makes it a target for potent rootkits because of the loss-of-control problem over the hosted Virtual Machines (VMs). As a result, traditional in-guest security solutions, which rely on operating system kernel trustworthiness, are no longer an effective way to secure the virtual infrastructure of the IaaS model. In this paper, we briefly explore the security problem of the IaaS cloud computing model, and present CloudSec, a new virtualization-aware monitoring appliance that provides active, transparent and real-time security monitoring for hosted VMs in the IaaS model. CloudSec utilizes virtual machine introspection techniques to provide fine-grained inspection of a VM's physical memory without installing any monitoring code inside the VM. It actively reconstructs and monitors the dynamically changing kernel data structure instances, as a prior step toward protecting kernel data structures. We have implemented a proof-of-concept prototype using VMsafe libraries on a VMware ESX platform. We have evaluated the system monitoring accuracy and the performance overhead of CloudSec.

History

Available versions

PDF (Accepted manuscript)

ISBN

9781457704598

Journal title

Proceedings - 2011 5th International Conference on Network and System Security, NSS 2011

Volume

147

Issue

2

Pagination

7 pp

Publisher

IEEE

Copyright statement

Copyright © 2011 IEEE. The accepted manuscript is reproduced in accordance with the copyright policy of the publisher. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

Language

eng
