CryptVMI: Encrypted virtual machine introspection in the cloud

Fangzhou Yao; R H Campbell

doi:10.1109/CLOUD.2014.149

CryptVMI: Encrypted virtual machine introspection in the cloud

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Virtualization techniques are the key in both public and private cloud computing environments. In such environments, multiple virtual instances are running on the same physical machine. The logical isolation between systems makes security assurance weaker than physically isolated systems. Thus, Virtual Machine Introspection techniques become essential to prevent the virtual system from being vulnerable to attacks. However, this technique breaks down the borders of the segregation between multiple tenants, which should be avoided in a public cloud computing environment. In this paper, we focus on building an encrypted Virtual Machine Introspection system, CryptVMI, to address the above concern, especially in a public cloud system. Our approach maintains a query handler on the management node to handle encrypted queries from user clients. We pass the query to the corresponding compute node that holds the virtual instance queried. The introspection application deployed on the compute node processes the query and acquires the encrypted results from the virtual instance for the user. This work shows our design and preliminary implementation of this system.

Original language	English (US)
Title of host publication	Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014
Editors	Carl Kesselman
Publisher	IEEE Computer Society
Pages	977-978
Number of pages	2
ISBN (Electronic)	9781479950638
DOIs	https://doi.org/10.1109/CLOUD.2014.149
State	Published - Dec 3 2014
Event	7th IEEE International Conference on Cloud Computing, CLOUD 2014 - Anchorage, United States Duration: Jun 27 2014 → Jul 2 2014

Publication series

Name	IEEE International Conference on Cloud Computing, CLOUD
ISSN (Print)	2159-6182
ISSN (Electronic)	2159-6190

Other

Other	7th IEEE International Conference on Cloud Computing, CLOUD 2014
Country	United States
City	Anchorage
Period	6/27/14 → 7/2/14

ASJC Scopus subject areas

Artificial Intelligence
Information Systems
Software

Access to Document

10.1109/CLOUD.2014.149

Fingerprint Dive into the research topics of 'CryptVMI: Encrypted virtual machine introspection in the cloud'. Together they form a unique fingerprint.

Cite this

Yao, F., & Campbell, R. H. (2014). CryptVMI: Encrypted virtual machine introspection in the cloud. In C. Kesselman (Ed.), Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014 (pp. 977-978). [6973855] (IEEE International Conference on Cloud Computing, CLOUD). IEEE Computer Society. https://doi.org/10.1109/CLOUD.2014.149

CryptVMI : Encrypted virtual machine introspection in the cloud. / Yao, Fangzhou; Campbell, R H.

Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014. ed. / Carl Kesselman. IEEE Computer Society, 2014. p. 977-978 6973855 (IEEE International Conference on Cloud Computing, CLOUD).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yao, F & Campbell, RH 2014, CryptVMI: Encrypted virtual machine introspection in the cloud. in C Kesselman (ed.), Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014., 6973855, IEEE International Conference on Cloud Computing, CLOUD, IEEE Computer Society, pp. 977-978, 7th IEEE International Conference on Cloud Computing, CLOUD 2014, Anchorage, United States, 6/27/14. https://doi.org/10.1109/CLOUD.2014.149

@inproceedings{12c8442c28664f5f9c41417495afb4ac,

title = "CryptVMI: Encrypted virtual machine introspection in the cloud",

abstract = "Virtualization techniques are the key in both public and private cloud computing environments. In such environments, multiple virtual instances are running on the same physical machine. The logical isolation between systems makes security assurance weaker than physically isolated systems. Thus, Virtual Machine Introspection techniques become essential to prevent the virtual system from being vulnerable to attacks. However, this technique breaks down the borders of the segregation between multiple tenants, which should be avoided in a public cloud computing environment. In this paper, we focus on building an encrypted Virtual Machine Introspection system, CryptVMI, to address the above concern, especially in a public cloud system. Our approach maintains a query handler on the management node to handle encrypted queries from user clients. We pass the query to the corresponding compute node that holds the virtual instance queried. The introspection application deployed on the compute node processes the query and acquires the encrypted results from the virtual instance for the user. This work shows our design and preliminary implementation of this system.",

author = "Fangzhou Yao and Campbell, {R H}",

year = "2014",

month = dec,

day = "3",

doi = "10.1109/CLOUD.2014.149",

language = "English (US)",

series = "IEEE International Conference on Cloud Computing, CLOUD",

publisher = "IEEE Computer Society",

pages = "977--978",

editor = "Carl Kesselman",

booktitle = "Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014",

note = "7th IEEE International Conference on Cloud Computing, CLOUD 2014 ; Conference date: 27-06-2014 Through 02-07-2014",

}

TY - GEN

T1 - CryptVMI

T2 - 7th IEEE International Conference on Cloud Computing, CLOUD 2014

AU - Yao, Fangzhou

AU - Campbell, R H

PY - 2014/12/3

Y1 - 2014/12/3

N2 - Virtualization techniques are the key in both public and private cloud computing environments. In such environments, multiple virtual instances are running on the same physical machine. The logical isolation between systems makes security assurance weaker than physically isolated systems. Thus, Virtual Machine Introspection techniques become essential to prevent the virtual system from being vulnerable to attacks. However, this technique breaks down the borders of the segregation between multiple tenants, which should be avoided in a public cloud computing environment. In this paper, we focus on building an encrypted Virtual Machine Introspection system, CryptVMI, to address the above concern, especially in a public cloud system. Our approach maintains a query handler on the management node to handle encrypted queries from user clients. We pass the query to the corresponding compute node that holds the virtual instance queried. The introspection application deployed on the compute node processes the query and acquires the encrypted results from the virtual instance for the user. This work shows our design and preliminary implementation of this system.

AB - Virtualization techniques are the key in both public and private cloud computing environments. In such environments, multiple virtual instances are running on the same physical machine. The logical isolation between systems makes security assurance weaker than physically isolated systems. Thus, Virtual Machine Introspection techniques become essential to prevent the virtual system from being vulnerable to attacks. However, this technique breaks down the borders of the segregation between multiple tenants, which should be avoided in a public cloud computing environment. In this paper, we focus on building an encrypted Virtual Machine Introspection system, CryptVMI, to address the above concern, especially in a public cloud system. Our approach maintains a query handler on the management node to handle encrypted queries from user clients. We pass the query to the corresponding compute node that holds the virtual instance queried. The introspection application deployed on the compute node processes the query and acquires the encrypted results from the virtual instance for the user. This work shows our design and preliminary implementation of this system.

UR - http://www.scopus.com/inward/record.url?scp=84919833642&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84919833642&partnerID=8YFLogxK

U2 - 10.1109/CLOUD.2014.149

DO - 10.1109/CLOUD.2014.149

M3 - Conference contribution

AN - SCOPUS:84919833642

T3 - IEEE International Conference on Cloud Computing, CLOUD

SP - 977

EP - 978

BT - Proceedings - 2014 IEEE 7th International Conference on Cloud Computing, CLOUD 2014

A2 - Kesselman, Carl

PB - IEEE Computer Society

Y2 - 27 June 2014 through 2 July 2014

ER -