CloudMon: Monitoring Virtual Machines in Clouds

In the cloud platform, the startup security of guest virtual machines (VMs) can be guaranteed by existing techniques such as TBoot, however, how to monitor and guarantee their runtime security seems to be a non-trivial challenge, when they are exposed to the Internet. For a practical cloud system, s...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on computers 2016-12, Vol.65 (12), p.3787-3793
Main Authors: Weng, Chuliang, Liu, Qian, Li, Kenli, Zou, Deqing
Format: Article
Language:English
Subjects:
Cloud
Cloud computing
Computer security
Cybersecurity
Dynamical systems
Feature extraction
Generators
Kernels
Monitoring
Run time (computers)
Runtime
system security
Virtual environments
virtual machine
Virtual machining
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In the cloud platform, the startup security of guest virtual machines (VMs) can be guaranteed by existing techniques such as TBoot, however, how to monitor and guarantee their runtime security seems to be a non-trivial challenge, when they are exposed to the Internet. For a practical cloud system, security and performance are two important issues. In this paper, we propose a dynamic framework called CloudMon to detect kernel rootkits and guarantee the runtime security of guest VMs. CloudMon is transparent to a guest VM, neither requires its specific system information, nor has to one-on-one run with it. Meanwhile, CloudMon detects kernel rootkits through self-adjusting monitoring on memory with an acceptable overhead. A working prototype of CloudMon is implemented based on Xen. The case studies on security show that CloudMon is effective to detect kernel rootkits in guest VMs, while the performance experiments demonstrate that it brings a low performance overhead.
ISSN:0018-9340
1557-9956
DOI:10.1109/TC.2016.2560809