论文信息 - cMonitor: VMI-based fine-grained monitoring mechanism in cloud

cMonitor: VMI-based fine-grained monitoring mechanism in cloud

For the lack of detailed semantic in prior works, a transparent fine-grained monitoring technique (cMonitor) is proposed. Deployed outside the virtual machines, the cMonitor utilizes the elevated privileges of the virtual machine monitor to monitor the network connection, the processes and the relationship between them in protected systems by reconstructing fine-grained system semantics. These semantics contain process states and corresponding network connection. Experimental results show that cMonitor not only can be rapidly deployed in realistic cloud, but also can effectively and universally obtain these fine-grained semantics to assist detection of some advanced network attack. Meanwhile, the network performance overhead is about 3%, which is acceptable.

Lei Zhao | Lai Xu | Lina Wang | Hao Zhang

[1] Brian Hay,et al. Forensics examination of volatile system data using virtual introspection , 2008, OPSR.

[2] Muttukrishnan Rajarajan,et al. A survey of intrusion detection techniques in Cloud , 2013, J. Netw. Comput. Appl..

[3] Samuel T. King,et al. Detecting past and present intrusions through vulnerability-specific predicates , 2005, SOSP '05.

[4] Xuxian Jiang,et al. Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing , 2008, RAID.

[5] Sina Manavi,et al. SECURE MODEL FOR VIRTUALIZATION LAYER IN CLOUDINFRASTRUCTURE , 2012 .

[6] Tal Garfinkel,et al. A Virtual Machine Introspection Based Architecture for Intrusion Detection , 2003, NDSS.

[7] Xuxian Jiang,et al. Defeating Dynamic Data Kernel Rootkit Attacks via VMM-Based Guest-Transparent Monitoring , 2009, 2009 International Conference on Availability, Reliability and Security.

[8] Wenke Lee,et al. Ether: malware analysis via hardware virtualization extensions , 2008, CCS.

[9] Michael D. Ernst,et al. Automatically patching errors in deployed software , 2009, SOSP '09.

[10] Wenke Lee,et al. Lares: An Architecture for Secure Active Monitoring Using Virtualization , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[11] Gang Chen,et al. SafeStack: Automatically Patching Stack-Based Buffer Overflow Vulnerabilities , 2013, IEEE Transactions on Dependable and Secure Computing.