Title :
Cloud-Based Application Whitelisting
Author :
Hizver, Jennia ; Chiueh, Tzi-cker
Author_Institution :
Dept. of Comput. Sci., Stony Brook Univ., Stony Brook, NY, USA
fDate :
June 28 2013-July 3 2013
Abstract :
Cloud computing ushers in an era of consolidated information technology infrastructure that is elastic, available and scalable. Virtualization is a critical building block in this evolution and enables centralized, consistent, and policy-driven administration of the underlying computing resources and their protection. This paper presents a cloud-based application whitelisting system called CLAW, which leverages this centralized management flexibility to guarantee that only application binaries in a pre-approved set are allowed to run in each virtual machine under its management. In addition, by applying virtual machine introspection technology, CLAW performs this security policy enforcement without installing any agents inside the managed VMs. We describe the key techniques in the design and implementation of CLAW and compare them with previous hypervisor-based application whitelisting systems. Empirical measurements on a Xen-based CLAW prototype for Windows-based virtual machines show that the run-time performance overhead of out-of-VM application whitelisting is under 10%.
Keywords :
cloud computing; security of data; virtual machines; Windows-based virtual machines; Xen-based CLAW prototype; centralized management flexibility; cloud computing; cloud-based application whitelisting system; hypervisor-based application; security policy enforcement; virtual machine introspection technology; Cloud computing; Data structures; Kernel; Libraries; Loading; Monitoring; Process control;
Conference_Titel :
Cloud Computing (CLOUD), 2013 IEEE Sixth International Conference on
Conference_Location :
Santa Clara, CA
Print_ISBN :
978-0-7695-5028-2
DOI :
10.1109/CLOUD.2013.48
