Abstract
Virtualization techniques are the key in both public and private cloud computing environments. In such environments, multiple virtual instances are running on the same physical machine. The logical isolation between systems makes security assurance weaker than physically isolated systems. Thus, Virtual Machine Introspection techniques become essential to prevent the virtual system from being vulnerable to attacks. However, this technique breaks down the borders of the segregation between multiple tenants, which should be avoided in a public cloud computing environment. In this paper, we focus on building an encrypted Virtual Machine Introspection system, CryptVMI, to address the above concern, especially in a public cloud system. Our approach maintains a query handler on the management node to handle encrypted queries from user clients. We pass the query to the corresponding compute node that holds the virtual instance queried. The introspection application deployed on the compute node processes the query and acquires the encrypted results from the virtual instance for the user. This work shows our design and preliminary implementation of this system.
| Original language | English (US) |
|---|---|
| Title of host publication | Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014 |
| Editors | Carl Kesselman |
| Publisher | IEEE Computer Society |
| Pages | 977-978 |
| Number of pages | 2 |
| ISBN (Electronic) | 9781479950638 |
| DOIs | |
| State | Published - Dec 3 2014 |
| Event | 7th IEEE International Conference on Cloud Computing, CLOUD 2014 - Anchorage, United States Duration: Jun 27 2014 → Jul 2 2014 |
Publication series
| Name | IEEE International Conference on Cloud Computing, CLOUD |
|---|---|
| ISSN (Print) | 2159-6182 |
| ISSN (Electronic) | 2159-6190 |
Other
| Other | 7th IEEE International Conference on Cloud Computing, CLOUD 2014 |
|---|---|
| Country | United States |
| City | Anchorage |
| Period | 6/27/14 → 7/2/14 |
Fingerprint
ASJC Scopus subject areas
- Artificial Intelligence
- Information Systems
- Software
Cite this
CryptVMI : Encrypted virtual machine introspection in the cloud. / Yao, Fangzhou; Campbell, R H.
Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014. ed. / Carl Kesselman. IEEE Computer Society, 2014. p. 977-978 6973855 (IEEE International Conference on Cloud Computing, CLOUD).Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - CryptVMI
T2 - Encrypted virtual machine introspection in the cloud
AU - Yao, Fangzhou
AU - Campbell, R H
PY - 2014/12/3
Y1 - 2014/12/3
N2 - Virtualization techniques are the key in both public and private cloud computing environments. In such environments, multiple virtual instances are running on the same physical machine. The logical isolation between systems makes security assurance weaker than physically isolated systems. Thus, Virtual Machine Introspection techniques become essential to prevent the virtual system from being vulnerable to attacks. However, this technique breaks down the borders of the segregation between multiple tenants, which should be avoided in a public cloud computing environment. In this paper, we focus on building an encrypted Virtual Machine Introspection system, CryptVMI, to address the above concern, especially in a public cloud system. Our approach maintains a query handler on the management node to handle encrypted queries from user clients. We pass the query to the corresponding compute node that holds the virtual instance queried. The introspection application deployed on the compute node processes the query and acquires the encrypted results from the virtual instance for the user. This work shows our design and preliminary implementation of this system.
AB - Virtualization techniques are the key in both public and private cloud computing environments. In such environments, multiple virtual instances are running on the same physical machine. The logical isolation between systems makes security assurance weaker than physically isolated systems. Thus, Virtual Machine Introspection techniques become essential to prevent the virtual system from being vulnerable to attacks. However, this technique breaks down the borders of the segregation between multiple tenants, which should be avoided in a public cloud computing environment. In this paper, we focus on building an encrypted Virtual Machine Introspection system, CryptVMI, to address the above concern, especially in a public cloud system. Our approach maintains a query handler on the management node to handle encrypted queries from user clients. We pass the query to the corresponding compute node that holds the virtual instance queried. The introspection application deployed on the compute node processes the query and acquires the encrypted results from the virtual instance for the user. This work shows our design and preliminary implementation of this system.
UR - http://www.scopus.com/inward/record.url?scp=84919833642&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84919833642&partnerID=8YFLogxK
U2 - 10.1109/CLOUD.2014.149
DO - 10.1109/CLOUD.2014.149
M3 - Conference contribution
AN - SCOPUS:84919833642
T3 - IEEE International Conference on Cloud Computing, CLOUD
SP - 977
EP - 978
BT - Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014
A2 - Kesselman, Carl
PB - IEEE Computer Society
ER -