ReVirt: enabling intrusion analysis through virtual-machine logging and replay
ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
When Virtual Is Better Than Real
HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Detecting past and present intrusions through vulnerability-specific predicates
Proceedings of the twentieth ACM symposium on Operating systems principles
Manitou: a layer-below approach to fighting malware
Proceedings of the 1st workshop on Architectural and system support for improving software dependability
Towards a tamper-resistant kernel rootkit detector
Proceedings of the 2007 ACM symposium on Applied computing
Copilot - a coprocessor-based kernel runtime integrity monitor
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Automated detection of persistent kernel control-flow attacks
Proceedings of the 14th ACM conference on Computer and communications security
Lares: An Architecture for Secure Active Monitoring Using Virtualization
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Communications of the ACM
Towards incident handling in the cloud: challenges and approaches
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Security audits of multi-tier virtual infrastructures in public infrastructure clouds
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Towards a data-centric view of cloud security
CloudDB '10 Proceedings of the second international workshop on Cloud data management
Automatic discovery of parasitic malware
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Attack surface reduction for commodity OS kernels: trimmed garden plants may attract less bugs
Proceedings of the Fourth European Workshop on System Security
The smart internet as a catalyst for health care reform
The smart internet
The smart internet as a catalyst for health care reform
The smart internet
RepCloud: achieving fine-grained cloud TCB attestation with reputation systems
Proceedings of the sixth ACM workshop on Scalable trusted computing
A way of key management in cloud storage based on trusted computing
NPC'11 Proceedings of the 8th IFIP international conference on Network and parallel computing
The top ten cloud-security practices in next-generation networking
International Journal of Communication Networks and Distributed Systems
A comparison of secure multi-tenancy architectures for filesystem storage clouds
Middleware'11 Proceedings of the 12th ACM/IFIP/USENIX international conference on Middleware
Virtual machine introspection in a hybrid honeypot architecture
CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test
Proceedings of the 2012 ACM conference on Computer and communications security
OS-Sommelier: memory-only operating system fingerprinting in the cloud
Proceedings of the Third ACM Symposium on Cloud Computing
Trusted VM snapshots in untrusted cloud infrastructures
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
A comparison of secure multi-tenancy architectures for filesystem storage clouds
Proceedings of the 12th International Middleware Conference
Virtualization: Issues, security threats, and solutions
ACM Computing Surveys (CSUR)
Designing a Secure Cloud Architecture: The SeCA Model
International Journal of Information Security and Privacy
Cloud computing security: The scientific challenge, and a survey of solutions
Journal of Systems and Software
Classification of Security Issues and Solutions in Cloud Environments
Proceedings of International Conference on Information Integration and Web-based Applications & Services
| Hi-index | 0.02 |
Cloud infrastructure commonly relies on virtualization. Customers provide their own VMs, and the cloud provider runs them often without knowledge of the guest OSes or their configurations. However, cloud customers also want effective and efficient security for their VMs. Cloud providers offering security-as-a-service based on VM introspection promise the best of both worlds: efficient centralization and effective protection. Since customers can move images from one cloud to another, an effective solution requires learning what guest OS runs in each VM and securing the guest OS without relying on the guest OS functionality or an initially secure guest VM state. We present a solution that is highly scalable in that it (i) centralizes guest protection into a security VM, (ii) supports Linux and Windows operating systems and can be easily extended to support new operating systems, (iii) does not assume any a-priori semantic knowledge of the guest, (iv) does not require any a-priori trust assumptions into any state of the guest VM. While other introspection monitoring solutions exist, to our knowledge none of them monitor guests on the semantic level required to effectively support both white- and black-listing of kernel functions, or allows to start monitoring VMs at any state during run-time, resumed from saved state, and cold-boot without the assumptions of a secure start state for monitoring.