Secure virtualization for cloud computing

Authors:
Flavio Lombardi;Roberto Di Pietro
Affiliations:
Consiglio Nazionale delle Ricerche, DCSPI-Sistemi Informativi, Piazzale Aldo Moro 7, 00187 Roma, Italy;Universití di Roma Tre, Dipartimento di Matematica, L.go S. Leonardo Murialdo, 1 00149 Roma, Italy and UNESCO Chair in Data Privacy, Universitat Rovira i Virgili, Tarragona, Spain
Venue:
Journal of Network and Computer Applications
Year:
2011

Citing 32
Cited 14

The design and implementation of tripwire: a file system integrity checker

CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Vigilante: end-to-end containment of internet worms

Proceedings of the twentieth ACM symposium on Operating systems principles
Reducing TCB size by using untrusted components: small kernels versus virtual-machine monitors

Proceedings of the 11th workshop on ACM SIGOPS European workshop
Closing Cluster Attack Windows Through Server Redundancy and Rotations

CCGRID '06 Proceedings of the Sixth IEEE International Symposium on Cluster Computing and the Grid
Defeating DDoS attacks by fixing the incentive chain

ACM Transactions on Internet Technology (TOIT)
Countering security threats in service-oriented on-demand grid computing using sandboxing and trusted computing techniques

Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
QEMU, a fast and portable dynamic translator

ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes

Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction

Proceedings of the 14th ACM conference on Computer and communications security
Resilient Intrusion Tolerance through Proactive and Reactive Recovery

PRDC '07 Proceedings of the 13th Pacific Rim International Symposium on Dependable Computing
Forensics examination of volatile system data using virtual introspection

ACM SIGOPS Operating Systems Review
Lares: An Architecture for Secure Active Monitoring Using Virtualization

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Efficient state transfer for hypervisor-based proactive recovery

Proceedings of the 2nd workshop on Recent advances on intrusiton-tolerant systems
Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing

RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Virtualization and Digital Forensics: A Research and Education Agenda

Journal of Digital Forensic Practice
New Techniques for Private Stream Searching

ACM Transactions on Information and System Security (TISSEC)
Virtualization and Hardware-Based Security

IEEE Security and Privacy
A break in the clouds: towards a cloud definition

ACM SIGCOMM Computer Communication Review
Virtual machines jailed: virtualization in systems with small trusted computing bases

Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
IBMon: monitoring VMM-bypass capable InfiniBand devices using memory introspection

Proceedings of the 3rd ACM Workshop on System-level Virtualization for High Performance Computing
KvmSec: a security extension for Linux kernel virtual machines

Proceedings of the 2009 ACM symposium on Applied Computing
Challenges and opportunities for virtualized security in the clouds

Proceedings of the 14th ACM symposium on Access control models and technologies
Trusting the cloud

ACM SIGACT News
What's inside the Cloud? An architectural map of the Cloud landscape

CLOUD '09 Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing
Engineering the cloud from software modules

CLOUD '09 Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing
Taking account of privacy when designing cloud computing services

CLOUD '09 Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing
The Eucalyptus Open-Source Cloud-Computing System

CCGRID '09 Proceedings of the 2009 9th IEEE/ACM International Symposium on Cluster Computing and the Grid
Cloud Computing Resource Management through a Grid Middleware: A Case Study with DIET and Eucalyptus

CLOUD '09 Proceedings of the 2009 IEEE International Conference on Cloud Computing
Constructing and testing privacy-aware services in a cloud computing environment: challenges and opportunities

Proceedings of the First Asia-Pacific Symposium on Internetware
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds

Proceedings of the 16th ACM conference on Computer and communications security
Transparent security for cloud

Proceedings of the 2010 ACM Symposium on Applied Computing
A Security Management Architecture for the Protection of Kernel Virtual Machines

CIT '10 Proceedings of the 2010 10th IEEE International Conference on Computer and Information Technology

CUDACS: securing the cloud with CUDA-enabled secure virtualization

ICICS'10 Proceedings of the 12th international conference on Information and communications security
A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing

Future Generation Computer Systems
A message negotiation approach to e-services by utility function and multi-criteria decision analysis

Computers & Mathematics with Applications
A framework for preservation of cloud users' data privacy using dynamic reconstruction of metadata

Journal of Network and Computer Applications
A new cloud computing architecture for music composition

Journal of Network and Computer Applications
Towards a unified taxonomy and architecture of cloud frameworks

Future Generation Computer Systems
Pragmatic assessment of research intensive areas in cloud: a systematic review

ACM SIGSOFT Software Engineering Notes
The technical security issues in cloud computing

International Journal of Information and Communication Technology
Detection of distributed denial of service attacks in cloud computing by identifying spoofed IP

International Journal of Communication Networks and Distributed Systems
Resource virtualization and service selection in cloud logistics

Journal of Network and Computer Applications
Review: A survey on resource allocation in high performance distributed computing systems

Parallel Computing
Architecture and protocol for intercloud communication

Information Sciences: an International Journal
CloRExPa: Cloud resilience via execution path analysis

Future Generation Computer Systems
A security reference architecture for cloud systems

Proceedings of the WICSA 2014 Companion Volume

Quantified Score

Hi-index	0.00

Visualization

Abstract

Cloud computing adoption and diffusion are threatened by unresolved security issues that affect both the cloud provider and the cloud user. In this paper, we show how virtualization can increase the security of cloud computing, by protecting both the integrity of guest virtual machines and the cloud infrastructure components. In particular, we propose a novel architecture, Advanced Cloud Protection System (ACPS), aimed at guaranteeing increased security to cloud resources. ACPS can be deployed on several cloud solutions and can effectively monitor the integrity of guest and infrastructure components while remaining fully transparent to virtual machines and to cloud users. ACPS can locally react to security breaches as well as notify a further security management layer of such events. A prototype of our ACPS proposal is fully implemented on two current open source solutions: Eucalyptus and OpenECP. The prototype is tested against effectiveness and performance. In particular: (a) effectiveness is shown testing our prototype against attacks known in the literature; (b) performance evaluation of the ACPS prototype is carried out under different types of workload. Results show that our proposal is resilient against attacks and that the introduced overhead is small when compared to the provided features.