A high-performance virtual machine filesystem monitor in cloud-assisted cognitive IoT

Cloud-assisted Cognitive Internet of Things has powerful data analytics abilities based on the computing and data storage capabilities of cloud virtual machines, which makes protecting the virtual machine filesystem very important for the security of the whole system. Agentless periodic filesystem monitors are optimal solutions for protecting cloud virtual machines because they are secure and low-overhead. However, most periodic monitors scan the entire virtual machine filesystem, or all protected files, in every scanning poll, so many secure files are scanned again and again even though they are not corrupted. In this paper, we propose a novel agentless periodic filesystem monitor framework for virtual machines with different image formats to improve the performance of agentless periodic monitors. Our core idea is to minimize the set of files scanned in both file integrity checking and virus detection. In our monitor, a file that is considered secure is not scanned again as long as it has not been modified. Since our monitor only scans newly created and modified files, it checks fewer files than other filesystem monitors. To that end, we propose two monitoring methods for different types of virtual machine disks to reduce the number of scanned files. For a virtual machine with a single disk image, we hook the backend driver to capture the disk modification information. For a virtual machine with multiple copy-on-write images, we leverage the copy-on-write feature of QCOW2 images to perform the disk modification analysis. In addition, our system can restore and remove corrupted files. The experimental results show that our system is effective for both Windows and Linux virtual machines with different image formats and can reduce the number of scanned files and the scanning time.
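
One way to do the QCOW2 disk modification analysis described above, as an added example that is not the paper's code: in an overlay image, a cluster with an L2 entry was written after the overlay was created, so walking the L1/L2 tables yields the changed guest byte ranges. It assumes standard 8-byte L2 entries (no extended-L2 or external-data-file features); `modified_ranges` and `build_sample` are hypothetical names, and the sample image is constructed.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
HEADER = struct.Struct(">4sIQIIQIIQQIIQ")  # fixed 72-byte big-endian header
OFFSET_MASK = 0x00FFFFFFFFFFFE00           # bits 9-55 of an L1/L2 entry
COMPRESSED = 1 << 62                       # L2: compressed cluster
ZERO_FLAG = 1                              # L2 bit 0: cluster reads as zeros


def modified_ranges(img: bytes):
    """Merged (start, end) guest byte ranges that this overlay has allocated,
    i.e. clusters written since the overlay was created on its backing file."""
    (magic, _ver, _bf_off, _bf_len, cluster_bits, size, _crypt,
     l1_size, l1_off, *_rest) = HEADER.unpack_from(img, 0)
    if magic != QCOW2_MAGIC:
        raise ValueError("not a QCOW2 image")
    csize = 1 << cluster_bits
    per_l2 = csize // 8                    # 8-byte entries, one cluster per L2 table
    ranges = []
    l1_table = img[l1_off:l1_off + 8 * l1_size]
    for i, (l1,) in enumerate(struct.iter_unpack(">Q", l1_table)):
        l2_off = l1 & OFFSET_MASK
        if l2_off == 0:
            continue                       # no L2 table: range still served by backing file
        for j, (l2,) in enumerate(struct.iter_unpack(">Q", img[l2_off:l2_off + csize])):
            start = (i * per_l2 + j) * csize
            if start >= size or not l2 & (OFFSET_MASK | COMPRESSED | ZERO_FLAG):
                continue                   # past end of disk, or unallocated here
            if ranges and ranges[-1][1] == start:
                ranges[-1] = (ranges[-1][0], start + csize)  # extend adjacent run
            else:
                ranges.append((start, start + csize))
    return ranges


def build_sample() -> bytes:
    """Constructed overlay: 512-byte clusters, 64 KiB virtual disk, guest
    clusters 3, 10 and 11 written. Refcount structures are left out."""
    csize = 512
    img = bytearray(6 * csize)
    HEADER.pack_into(img, 0, QCOW2_MAGIC, 2, 0, 0, 9, 128 * csize, 0,
                     2, 1 * csize, 0, 0, 0, 0)
    struct.pack_into(">Q", img, csize, (2 * csize) | 1 << 63)  # L1[0] -> L2 table
    for guest, host in ((3, 3), (10, 4), (11, 5)):
        struct.pack_into(">Q", img, 2 * csize + 8 * guest, (host * csize) | 1 << 63)
    return bytes(img)


if __name__ == "__main__":
    print(modified_ranges(build_sample()))
```

Mapping these byte ranges back to files still requires parsing the guest filesystem metadata, which this example does not do.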
