Title :
An In-Out-VM measurement architecture against dynamic attacks in clouds
Author :
Yao Wang ; Yaqiang Mao ; Yuan Luo
Author_Institution :
Comput. Sci. & Eng. Dept., Shanghai Jiao Tong Univ., Shanghai, China
Abstract :
The biggest challenge for SaaS (software as a service) cloud computing systems is guaranteeing user-level security. To this end, several approaches and systems have been proposed for virtual machines on cloud platforms. However, the integrity measurement methods used in virtual machines, such as measuring applications periodically or statically (i.e., before execution), cannot detect dynamic attacks. This paper presents an In-Out-VM dynamic measurement architecture (IODMA) designed for the Xen virtual machine (VM), which targets the user's running applications rather than static executable files. Compared with existing methods, it has advantages in three aspects. Firstly, it detects dynamic attacks and performs better than the static methods. Secondly, measurements are taken at any time on demand rather than at fixed times. Thirdly, it supports fine-grained protection, such as measuring the code segment and the argument segment separately. In addition, it is implemented as a hybrid of the In-VM and Out-of-VM methods: the In-VM part reduces the switching overhead between the privileged virtual machine and the guest virtual machines, while the Out-of-VM part improves security. Finally, an implementation of IODMA equipped with the Trusted Platform Module (TPM) is given, which achieves the above goals with good performance.
Keywords :
cloud computing; operating systems (computers); trusted computing; virtual machines; IODMA; In-Out-VM dynamic measurement architecture; In-Out-VM measurement architecture; SaaS; TPM; VM; Xen virtual machine; cloud computing systems; cloud platform; dynamic attacks; integrity measurement methods; software as a service; trusted platform module; In-VM monitoring; Out-of-VM monitoring; Trusted Platform Module; dynamic integrity measurement; virtual machine;
Conference_Title :
Communication Technology (ICCT), 2012 IEEE 14th International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4673-2100-6
DOI :
10.1109/ICCT.2012.6511306