Virtual appliances (VAs) are ready-to-use virtual machine images that are configured for specific purposes. For example, a virtual machine image that contains all the software necessary to develop and host a JSP-based website is typically available as a "Java Web Starter" VA. Currently there are many VA repositories from which users can download VAs and instantiate them on Infrastructure-as-a-Service (IaaS) clouds, allowing them to quickly launch their services. This marketplace, however, lacks adequate mechanisms that allow users to a priori assess whether a specific VA is really configured with the software that it is expected to be configured with. This paper evaluates the integrity of software packages installed on real-world VAs, through the use of a software whitelist-based framework, and finds that indeed there is a lot of variance in the software integrity of packages across VAs. Analysis of 151 Amazon VAs using this framework shows that about 9% of real-world VAs have significant numbers of software packages that contain unknown files, making them potentially untrusted. Virus scanners flagged just half of the VAs in that 9% as malicious, demonstrating that virus scanning alone is not sufficient to help users select a trustable VA and that a priori software integrity assessment has a role to play.
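The kind of whitelist check the abstract describes can be sketched as follows. This is an added example, not the paper's framework: the whitelist layout, the package names, the sample appliance and the 10% threshold for "significant" are all assumptions made for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed whitelist: (package, version) -> {file path: SHA-256 of the vendor's file}.
WHITELIST = {
    ("webserver", "1.0"): {"/usr/sbin/webd": digest(b"vendor webd"),
                           "/etc/webd.conf": digest(b"vendor conf")},
    ("jdk", "6.0"): {"/usr/bin/java": digest(b"vendor java")},
}

def unknown_files(name, version, files):
    """Paths whose (path, hash) pair is not whitelisted; None if the package is unlisted."""
    known = WHITELIST.get((name, version))
    if known is None:
        return None
    # A path absent from the whitelist and a known path with a different hash both count.
    return sorted(p for p, h in files.items() if known.get(p) != h)

def assess_va(installed, max_flagged_ratio=0.1):
    """installed: {(name, version): {path: sha256}}. The threshold is an assumed policy value."""
    report = {"clean": [], "unknown_files": {}, "unlisted": []}
    for (name, version), files in sorted(installed.items()):
        bad = unknown_files(name, version, files)
        if bad is None:
            report["unlisted"].append(name)
        elif bad:
            report["unknown_files"][name] = bad
        else:
            report["clean"].append(name)
    flagged = len(report["unknown_files"]) + len(report["unlisted"])
    report["ratio"] = flagged / len(installed) if installed else 0.0
    report["untrusted"] = report["ratio"] > max_flagged_ratio
    return report

# Constructed appliance: one edited config file, one extra binary, one unlisted package.
SAMPLE_VA = {
    ("webserver", "1.0"): {"/usr/sbin/webd": digest(b"vendor webd"),
                           "/etc/webd.conf": digest(b"edited conf"),
                           "/usr/sbin/.helper": digest(b"extra binary")},
    ("jdk", "6.0"): {"/usr/bin/java": digest(b"vendor java")},
    ("custom-agent", "0.1"): {"/opt/agent/run": digest(b"agent")},
}

if __name__ == "__main__":
    print(assess_va(SAMPLE_VA))
```

An edited configuration file hashes as unknown just like an added binary, so a check of this shape needs a separate policy for files that are expected to change after installation.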