Title :
Defending against VM rollback attack
Author :
Xia, Yubin ; Liu, Yutao ; Chen, Haibo ; Zang, Binyu
Abstract :
Recently it became a hot topic to protect VMs from a compromised or even malicious hypervisor. However, most previous systems are vulnerable to rollback attack, since it is hard to distinguish from normal suspend/resume and migration operations that an IaaS platform usually offers. Some of the previous systems simply disable these features to defend rollback attack, while others heavily need user involvement. In this paper, we propose a new solution to make a balance between security and functionality. By securely logging all the suspend/resume and migration operation inside a small trusted computing base, a user can audit the log to check malicious rollback and constrain the operations on the VMs. The solution considers several practical issues including hardware limitations and minimizing user´s interaction, and has been implemented on a recent VM protection system.
Keywords :
cloud computing; security of data; trusted computing; virtual machines; IaaS platform; VM protection system; VM rollback attack; malicious hypervisor; malicious rollback; migration operations; suspend-resume operations; trusted computing; virtual machines; Booting; Cloning; Cryptography; Hardware; Processor scheduling; Virtual machine monitors;
Conference_Titel :
Dependable Systems and Networks Workshops (DSN-W), 2012 IEEE/IFIP 42nd International Conference on
Conference_Location :
Boston, MA
Print_ISBN :
978-1-4673-2264-5
Electronic_ISBN :
978-1-4673-2265-2
DOI :
10.1109/DSNW.2012.6264690
