• DocumentCode
    2104096
  • Title
    An In-Out-VM measurement architecture against dynamic attacks in clouds
  • Author
    Yao Wang ; Yaqiang Mao ; Yuan Luo
  • Author_Institution
    Comput. Sci. & Eng. Dept., Shanghai Jiao Tong Univ., Shanghai, China
  • fYear
    2012
  • fDate
    9-11 Nov. 2012
  • Firstpage
    761
  • Lastpage
    767
  • Abstract
    As we know, the biggest challenge for SaaS (software as a service) cloud computing systems is guaranteeing user-level security. To this end, some approaches and systems have been proposed for virtual machines in cloud platforms. However, the integrity measurement methods used in virtual machines cannot detect dynamic attacks, because they measure applications periodically or statically (measuring before execution). This paper first presents an In-Out-VM dynamic measurement architecture (IODMA), designed especially for the Xen virtual machine (VM), which targets the user's running applications rather than static executable files. By comparison, it has advantages in three aspects. Firstly, it detects dynamic attacks and has better performance than the static approaches. Secondly, the measurements are done at any time on demand rather than at specific times. Thirdly, it supports fine-grained protection, such as measuring the code segment and the argument segment separately. In addition, it is implemented as a hybrid of the In-VM method and the Out-of-VM method. The In-VM part of the hybrid effectively reduces the switching overheads between the privileged virtual machine and guest virtual machines, while the Out-of-VM part improves security. Finally, an implementation of IODMA equipped with the Trusted Platform Module (TPM) is given, which achieves the above goals with good performance.
  • Keywords
    cloud computing; operating systems (computers); trusted computing; virtual machines; IODMA; In-Out-VM dynamic measurement architecture; In-Out-VM measurement architecture; SaaS; TPM; VM; Xen virtual machine; cloud computing systems; cloud platform; dynamic attacks; integrity measurement methods; software as a service; trusted platform module; In-VM monitoring; Out-of-VM monitoring; Trusted Platform Module; dynamic integrity measurement; virtual machine;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communication Technology (ICCT), 2012 IEEE 14th International Conference on
  • Conference_Location
    Chengdu
  • Print_ISBN
    978-1-4673-2100-6
  • Type
    conf
  • DOI
    10.1109/ICCT.2012.6511306
  • Filename
    6511306