Leveraging Virtual Machine Introspection for Hot-Hardening of Arbitrary Cloud-User Applications

Correctly applying the security settings of many different applications is time-consuming and, in some cases, very difficult. Moreover, with the explosion in the popularity of cloud computing, cloud users can download and run pre-packaged virtual appliances. Many users may assume that these come with correct security settings and never bother to check or update them. In this paper we propose an architecture that can automatically and transparently improve the security settings of arbitrary network applications in a cloud computing setup. Users can deploy virtual machines with different applications, and our system will attempt to find and test better security settings tailored to their specific setup. We call this approach "hot-hardening" because our techniques are applied to running applications.
