{"title":"Securing KVM-Based Cloud Systems via Virtualization Introspection","authors":"Sheng-Wei Lee, Fang Yu","doi":"10.1109/HICSS.2014.617","DOIUrl":null,"url":null,"abstract":"Linux Kernel Virtual Machine (KVM) is one of the most commonly deployed hypervisor drivers in the IaaS layer of cloud computing ecosystems. The hypervisor provides a full-virtualization environment that intends to virtualize as much hardware and systems as possible, including CPUs, network interfaces and chipsets. With KVM, heterogeneous operating systems can be installed in Virtual Machines (VMs) in an homogeneous environment. However, it has been shown that various breaches due to software defects may cause damages on such a cloud ecosystem. We propose a new Virtualization Introspection System (VIS) to protect the host as well as VMs running on a KVM-based cloud structure from malicious attacks. VIS detects and intercepts attacks from VMs by collecting their static and dynamic status. We then replay the attacks on VMs and leverage artificial intelligence techniques to derive effective decision rules with unsupervised learning nature. The preliminary result shows the promise of the presented approach against several modern attacks on CVE-based vulnerabilities.","PeriodicalId":250241,"journal":{"name":"2014 47th Hawaii International Conference on System Sciences","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-03-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"21","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 47th Hawaii International Conference on System Sciences","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HICSS.2014.617","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 21
Abstract
Linux Kernel Virtual Machine (KVM) is one of the most commonly deployed hypervisor drivers in the IaaS layer of cloud computing ecosystems. The hypervisor provides a full-virtualization environment that intends to virtualize as much hardware and systems as possible, including CPUs, network interfaces and chipsets. With KVM, heterogeneous operating systems can be installed in Virtual Machines (VMs) in an homogeneous environment. However, it has been shown that various breaches due to software defects may cause damages on such a cloud ecosystem. We propose a new Virtualization Introspection System (VIS) to protect the host as well as VMs running on a KVM-based cloud structure from malicious attacks. VIS detects and intercepts attacks from VMs by collecting their static and dynamic status. We then replay the attacks on VMs and leverage artificial intelligence techniques to derive effective decision rules with unsupervised learning nature. The preliminary result shows the promise of the presented approach against several modern attacks on CVE-based vulnerabilities.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
