CryptVMI: A flexible and encrypted virtual machine introspection system in the cloud

Fangzhou Yao, Read Sprabery, Roy H. Campbell

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Virtualization has demonstrated its importance in both public and private cloud computing solutions. In such environments, multiple virtual instances run on the same physical machine concurrently. Thus, the isolation in the system is not guaranteed by the physical infrastructure anymore. Reliance on logical isolation makes a system vulnerable to attacks. Thus, Virtual Machine Introspection techniques become essential, since they simplify the process to acquire evidence for further analysis in this complex system. However, Virtual Machine Introspection tools for the cloud are usually written specifically for a single system and do not provide a standard interface to work with other security monitoring systems. Moreover, this technique breaks down the borders of the segregation between multiple tenants, which should be avoided in a public cloud computing environment. In this paper, we focus on building a flexible and encrypted Virtual Machine Introspection system, CryptVMI, to address the above concerns. Our approach maintains a client application on the user end to send queries to the cloud, as well as parse the results returned in a standard form. We also have a handler that cooperates with an introspection application in the cloud infrastructure to process queries and return encrypted results. This work shows our design and implementation of this system, and the benchmark results prove that it does not incur much performance overhead.

Original language: English (US)
Title of host publication: SCC 2014 - Proceedings of the 2nd International Workshop on Security in Cloud Computing
Publisher: Association for Computing Machinery
Pages: 11-17
Number of pages: 7
ISBN (Print): 9781450328050
DOIs: https://doi.org/10.1145/2600075.2600078
State: Published - Jan 1 2014
Event: 2nd International Workshop on Security in Cloud Computing, SCC 2014 - Kyoto, Japan
Duration: Jun 3 2014 to Jun 3 2014

Publication series

Name: SCC 2014 - Proceedings of the 2nd International Workshop on Security in Cloud Computing

Other

Other: 2nd International Workshop on Security in Cloud Computing, SCC 2014
Country: Japan
City: Kyoto
Period: 6/3/14 to 6/3/14

Fingerprint

Computer systems
Cloud computing
Machine tools
Large scale systems
Monitoring
Virtual machine
Virtualization

Keywords

  • cloud computing
  • confidentiality
  • virtual machine introspection
  • virtualization

ASJC Scopus subject areas

  • Software

Cite this

Yao, F., Sprabery, R., & Campbell, R. H. (2014). CryptVMI: A flexible and encrypted virtual machine introspection system in the cloud. In SCC 2014 - Proceedings of the 2nd International Workshop on Security in Cloud Computing (pp. 11-17). (SCC 2014 - Proceedings of the 2nd International Workshop on Security in Cloud Computing). Association for Computing Machinery. https://doi.org/10.1145/2600075.2600078
