Virtualization Security Combining Mandatory Access Control and Virtual Machine Introspection

Win, Thu Yein; Tianfield, Huaglory; Mair, Quentin

doi:10.1109/ucc.2014.165

Cited by 15 publications

(7 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The requested VM with its mentioned specifications has to be placed in the cloud server. Previous research indicates security-as-a service that could be provided and provisioned to the customers according to their security specification and needs [7]. The health of the VM has to also monitor whether the VM which is secured meets the requirements of a healthy VM.…”

Section: B Security In Virtual Machinesmentioning

confidence: 99%

“…Past research shows that in order to eliminate side channel attacks, number of solutions have been discussed in [7,10,11].Study indicates that an attacker can achieve coresidency with an estimate of about 40% that could mean that almost 4 attacker VM's out of 10 could co locate a VM victim. The authors, Yi Han et al, have efficiently tried to minimize the number of attacker VM to be co resident with the target VM.…”

Section: B Security In Virtual Machinesmentioning

confidence: 99%

“…The Virtual machine introspection (VMI) [22] proposes to protect the virtualization environment by providing a novel virtualization security by monitoring the state of a guest VM with its own benefits such as higher level privileges, strong isolation and so on. Intrusion detection in the VMs is used with the help of the VMI technique by the authors of [23].…”

Section: C Anomaly Detection and Defense Techniques In Cloudsmentioning

confidence: 99%

See 2 more Smart Citations

Detection of Malware Attacks on Virtual Machines for a Self-Heal Approach in Cloud Computing using VM Snapshots

Joseph

Mukesh

2018

JCOMSS

View full text Add to dashboard Cite

Abstract-Cloud Computing strives to be dynamic as a service oriented architecture (SoA). The services in the SoA are rendered in terms of private, public and in many other commercial domain aspects. These services should be secured and thus are very vital to the cloud infrastructure. In order, to secure and maintain resilience in the cloud, it not only has to have the ability to identify the known threats but also to new challenges that target the infrastructure of a cloud. In this paper, we introduce and discuss a detection method of malwares from the VM memory snapshot analysis and the corresponding VM snapshots are classified into attacked and non-attacked VM snapshots. As snapshots are always taken to be a backup in the backup servers, this approach could reduce the overhead of the backup server with a self-healing capability of the VMs in the local cloud infrastructure itself without any compromised VM in the backup server. A machine learning approach is projected here to classify the attacked and non attacked snapshots. The features of the snapshots are gathered from the API calls of VM instances. Our proposed scheme has a high detection accuracy of about 93% while having the capability to classify and detect different types of malwares with respect to the VM snapshots. Finally the paper exhibits an algorithm using snapshots to detect and thus to selfheal. The self-healing approach with machine learning algorithms can determine new threats with some prior knowledge of its functionality.

show abstract

Section: B Security In Virtual Machinesmentioning

confidence: 99%

Section: B Security In Virtual Machinesmentioning

confidence: 99%

Section: C Anomaly Detection and Defense Techniques In Cloudsmentioning

confidence: 99%

See 1 more Smart Citation

Detection of Malware Attacks on Virtual Machines for a Self-Heal Approach in Cloud Computing using VM Snapshots

Joseph

Mukesh

2018

JCOMSS

View full text Add to dashboard Cite

show abstract

“…Kumara et al [16] presented a virtual machine introspection (VMI) based on malicious process detection approach for VM, which extracted the high level information such as system call, opened known backdoor ports from introspected memory to identify the spurious process. Win et al [17] introduced the mandatory access control (MAC) to protect the in-VM monitoring and the hypervisor, aiming at finally protect the guest VM against attacks with relatively ideal overhead.…”

Section: Introductionmentioning

confidence: 99%

A Multi-level Perception Security Model Using Virtualization

Lou¹,

Jiang²,

Chang³

et al. 2018

TIIS

View full text Add to dashboard Cite

Virtualization technology has been widely applied in the area of computer security research that provides a new method for system protection. It has been a hotspot in system security research at present. Virtualization technology brings new risk as well as progress to computer operating system (OS). A multi-level perception security model using virtualization is proposed to deal with the problems of oversimplification of risk models, unreliable assumption of secure virtual machine monitor (VMM) and insufficient integration with virtualization technology in security design. Adopting the enhanced isolation mechanism of address space, the security perception units can be protected from risk environment. Based on parallel perceiving by the secure domain possessing with the same privilege level as VMM, a mechanism is established to ensure the security of VMM. In addition, a special pathway is set up to strengthen the ability of information interaction in the light of making reverse use of the method of covert channel. The evaluation results show that the proposed model is able to obtain the valuable risk information of system while ensuring the integrity of security perception units, and it can effectively identify the abnormal state of target system without significantly increasing the extra overhead.

show abstract

“…С этой целью можно использовать технологию виртуализации машин, предполагающую использование избыточной вычислительной мощности серверов [6][7][8]. Эффект защиты в данном случае достигается за счет того, что для каждого пользователя может быть создана своя виртуальная машина [9,10]. Однако эта технология крайне избыточна и существенно загружает вычислительные ресурсы.…”

unclassified