Research of Security as a Service for VMs in IaaS Platform

With the rapid adoption of cloud computing across many fields, cloud computing security has become a focus of attention. To satisfy the virtual machine (VM) security requirements of communication access control, network anomaly detection, memory monitoring, and file antivirus in an Infrastructure as a Service (IaaS) platform, this paper proposed a comprehensive protection framework with defense-in-depth capability for tenant VMs. The framework employs three layers to meet these requirements of tenant business, working from the outside of the VM inward. At the first layer, a tenant domain model was abstracted and realized on top of software-defined networking (SDN); it restores communication access control over VM traffic and enforces security isolation between the business networks of different tenants. In addition, to detect network anomalies of tenant VMs, a traffic structure stability model was constructed from the degree of deviation between the current network traffic structure profile and the historical profile of normal traffic. At the second layer, the same network access control and anomaly detection capabilities as in the first layer were provided at the granularity of an individual VM. At the third layer, to monitor VM memory information, an agentless VM security monitoring method based on online analysis of VM memory was proposed, employing a physical memory analysis mechanism. Moreover, a virtualization-based file antivirus method for VMs named HyperAV was presented; it consists of a front end and a back end, and it optimizes the virus scanning process by monitoring the sector change information of a running VM at low performance cost. The experimental results demonstrated the effectiveness and low performance cost of the proposed protection framework and of each of the corresponding security mechanisms.
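The traffic structure stability model described above is only sketched in the abstract, so the following is an added illustration of one way to compute it, not code from the paper. It assumes that a VM's traffic structure profile is the share of bytes each (protocol, destination port) class contributes within one observation window, that the deviation degree is the Jensen-Shannon distance between the current profile and an averaged historical baseline (bounded in [0, 1]), that stability is 1 minus that distance, and that a window is flagged when stability falls below a fixed threshold. The flow records, the threshold of 0.7 and all function names are constructed for the example.

```python
"""Traffic structure stability check for a tenant VM (added illustration).

Assumptions not stated in the paper's abstract: a traffic structure profile is
the byte share of each (proto, dst_port) class in one window; the deviation
degree is the Jensen-Shannon distance (base 2, bounded in [0, 1]) between the
current profile and the averaged historical baseline; stability = 1 - distance.
"""
from collections import Counter
from math import log2, sqrt

# Constructed flow records (proto, dst_port, bytes); not captured from a real VM.
HISTORY_WINDOWS = [
    [("tcp", 443, 9000), ("tcp", 80, 3000), ("udp", 53, 500), ("tcp", 22, 200)],
    [("tcp", 443, 8000), ("tcp", 80, 4000), ("udp", 53, 600), ("tcp", 22, 100)],
]
CURRENT_NORMAL = [("tcp", 443, 8500), ("tcp", 80, 3500), ("udp", 53, 400), ("tcp", 22, 300)]
# The same VM suddenly sending small flows to 40 different ports (scan-like structure).
CURRENT_SCAN = [("tcp", 443, 1000)] + [("tcp", port, 300) for port in range(1, 41)]


def profile(flows):
    """Byte share per (proto, dst_port) class; empty dict for an idle window."""
    totals = Counter()
    for proto, port, nbytes in flows:
        totals[(proto, port)] += nbytes
    total = sum(totals.values())
    return {k: v / total for k, v in totals.items()} if total else {}


def baseline_profile(windows):
    """Average the per-window profiles so one busy window does not dominate."""
    profiles = [profile(w) for w in windows]
    keys = set().union(*profiles)
    return {k: sum(p.get(k, 0.0) for p in profiles) / len(profiles) for k in keys}


def _kl(p, q):
    # Only keys with p > 0 contribute; q > 0 there because q is a mixture containing p.
    return sum(p[k] * log2(p[k] / q[k]) for k in p if p[k] > 0)


def js_distance(p, q):
    """Jensen-Shannon distance: 0 for identical profiles, never above 1."""
    keys = set(p) | set(q)
    p = {k: p.get(k, 0.0) for k in keys}
    q = {k: q.get(k, 0.0) for k in keys}
    m = {k: 0.5 * (p[k] + q[k]) for k in keys}
    divergence = 0.5 * _kl(p, m) + 0.5 * _kl(q, m)
    return sqrt(max(0.0, divergence))  # clamp rounding noise below zero


def stability_score(baseline, flows):
    """1.0 means the current structure matches the baseline; None for an idle window."""
    current = profile(flows)
    if not current:
        return None  # no traffic is absence of evidence, not a structural change
    return 1.0 - js_distance(baseline, current)


def is_anomalous(baseline, flows, threshold=0.7):
    """Flag a window whose structure drifted too far from historical normal."""
    score = stability_score(baseline, flows)
    return score is not None and score < threshold


if __name__ == "__main__":
    base = baseline_profile(HISTORY_WINDOWS)
    for name, window in (("normal", CURRENT_NORMAL), ("scan-like", CURRENT_SCAN)):
        score = stability_score(base, window)
        print(f"{name}: stability={score:.3f} anomalous={is_anomalous(base, window)}")
```

Because the score compares distributions rather than raw volumes, a VM that simply gets busier keeps a high stability score, while a VM whose traffic is spread over many new port classes (as in the scan-like window) drops well below the threshold even though its total byte count is similar. An idle window returns None rather than a low score, so a VM that stops talking is not mistaken for one whose traffic structure changed.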
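The HyperAV idea of scanning only the sectors a running VM has changed is illustrated below with an added example that is not the paper's own code. It assumes a hypervisor-side virtual block device that records every 512-byte sector the guest writes (standing in for the "sector change information"), a scanner that later examines only those sectors, and plain byte-pattern signatures; the EICAR test string stands in for a real signature. The example also covers the case a naive implementation gets wrong: a signature written in two steps that straddles a sector boundary, which is only caught if each changed sector is widened by (longest signature length minus one) bytes on both sides. The class and function names are constructed for the example.

```python
"""Scanning only changed sectors of a running VM's virtual disk (added illustration).

Assumptions not taken from the paper: the backend block device tracks dirty
512-byte sectors; the scanner widens each dirty sector by (longest signature - 1)
bytes so a signature that straddles a sector boundary is still seen; signatures
are plain byte patterns, with the EICAR test string standing in for a real one.
"""
SECTOR = 512
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES = {"EICAR-Test-File": EICAR}


class TrackedDisk:
    """Virtual block device that remembers which sectors the guest has written."""

    def __init__(self, n_sectors):
        self.data = bytearray(n_sectors * SECTOR)
        self.dirty = set()

    def write(self, offset, payload):
        """Guest write as seen at the backend; marks every touched sector dirty."""
        end = offset + len(payload)
        if not 0 <= offset < end <= len(self.data):
            raise ValueError("write outside the disk")
        self.data[offset:end] = payload
        self.dirty.update(range(offset // SECTOR, (end - 1) // SECTOR + 1))

    def take_dirty(self):
        """Hand the changed-sector set to the scanner and start a fresh epoch."""
        changed, self.dirty = self.dirty, set()
        return changed


def scan_ranges(sectors, disk_size, margin):
    """Turn a set of dirty sectors into coalesced byte ranges, each widened by margin."""
    ranges = []
    for s in sorted(sectors):
        start = max(0, s * SECTOR - margin)
        end = min(disk_size, (s + 1) * SECTOR + margin)
        if ranges and start <= ranges[-1][1]:
            ranges[-1][1] = max(ranges[-1][1], end)  # overlapping: merge to avoid double hits
        else:
            ranges.append([start, end])
    return [tuple(r) for r in ranges]


def scan_sectors(disk, sectors, margin=None):
    """Return (hits, bytes_examined); each hit is (signature name, disk offset)."""
    if margin is None:
        margin = max(len(sig) for sig in SIGNATURES.values()) - 1
    hits = []
    examined = 0
    for start, end in scan_ranges(sectors, len(disk.data), margin):
        chunk = bytes(disk.data[start:end])
        examined += len(chunk)
        for name, sig in SIGNATURES.items():
            pos = chunk.find(sig)
            while pos != -1:
                hits.append((name, start + pos))
                pos = chunk.find(sig, pos + 1)
    return hits, examined


if __name__ == "__main__":
    disk = TrackedDisk(64)
    # The guest writes a file in two steps; the signature ends up straddling sectors 3 and 4.
    disk.write(3 * SECTOR + 480, EICAR[:32])
    print("after first write:", scan_sectors(disk, disk.take_dirty()))
    disk.write(4 * SECTOR, EICAR[32:])
    changed = disk.take_dirty()
    print("after second write:", scan_sectors(disk, changed))
    print("same sectors without margin:", scan_sectors(disk, changed, margin=0))
```

After the second write only sector 4 is dirty, yet the signature starts 32 bytes before it. With the margin the scanner reads 512 + 2 × 67 bytes and finds the hit at its true offset; with margin 0 it reads the bare sector and misses it. The bytes examined stay a small fraction of the 32 KiB disk, which is the performance point the abstract makes, and the epoch hand-off in take_dirty ensures a write that lands during a scan is picked up by the next one rather than lost.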