Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Deconstructing process isolation
Proceedings of the 2006 workshop on Memory system performance and correctness
A novel approach for a file-system integrity monitor tool of Xen virtual machine
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Towards a tamper-resistant kernel rootkit detector
Proceedings of the 2007 ACM symposium on Applied computing
QEMU, a fast and portable dynamic translator
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Managing the risk of covert information flows in virtual machine systems
Proceedings of the 12th ACM symposium on Access control models and technologies
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Linux kernel integrity measurement using contextual inspection
Proceedings of the 2007 ACM workshop on Scalable trusted computing
Using hypervisor to provide data secrecy for user applications on a per-page basis
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Lares: An Architecture for Secure Active Monitoring Using Virtualization
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Semantics-Driven Introspection in a Virtual Environment
IAS '08 Proceedings of the 2008 The Fourth International Conference on Information Assurance and Security
Transparent security for cloud
Proceedings of the 2010 ACM Symposium on Applied Computing
CUDACS: securing the cloud with CUDA-enabled secure virtualization
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Secure virtualization for cloud computing
Journal of Network and Computer Applications
CyberGuarder: A virtualization security assurance architecture for green cloud computing
Future Generation Computer Systems
Architectural support for hypervisor-secure virtualization
ASPLOS XVII Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems
| Hi-index | 0.00 |
Virtualization is increasingly being used in regular desktop PCs, data centers and server farms. One of the advantages of introducing this additional architectural layer is to increase overall system security. In this paper we propose an architecture (KvmSec) that is an extension to the Linux Kernel Virtual Machine aimed at increasing the security of guest virtual machines. KvmSec can protect guest virtual machines against attacks such as viruses and kernel rootkits. KvmSec enjoys the following features: it is transparent to guest machines; it is hard to access even from a compromised virtual machine; it can collect data, analyze them, and act consequently on guest machines; it can provide secure communication between each of the guests and the host; and, it can be deployed on Linux hosts and at present supports Linux guest machines. These features are leveraged to implement a real-time monitoring and security management system. Further, differences and advantages over previous solutions are highlighted, as well as a concrete roadmap for further development.