Cloud-Based Application Whitelisting

  • Authors: Jennia Hizver; Tzi-cker Chiueh

  • Venue: CLOUD '13 Proceedings of the 2013 IEEE Sixth International Conference on Cloud Computing
  • Year: 2013

Abstract

Cloud computing ushers in an era of consolidated information technology infrastructure that is elastic, available and scalable. Virtualization is a critical building block in this evolution and enables centralized, consistent, and policy-driven administration of the underlying computing resources and their protection. This paper presents a cloud-based application whitelisting system called CLAW, which leverages this centralized management flexibility to guarantee that only application binaries in a pre-approved set are allowed to run in each virtual machine under its management. In addition, by applying virtual machine introspection technology, CLAW performs this security policy enforcement without installing any agents inside the managed VMs. We describe the key techniques in the design and implementation of CLAW and compare them with previous hypervisor-based application whitelisting systems. Empirical measurements on a Xen-based CLAW prototype for Windows-based virtual machines show that the run-time performance overhead of out-of-VM application whitelisting is under 10%.