Title :
Modeling the Runtime Integrity of Cloud Servers: A Scoped Invariant Perspective
Author :
Wei, Jinpeng ; Pu, Calton ; Rozas, Carlos V. ; Rajan, Anand ; Zhu, Feng
Author_Institution :
Florida Int. Univ., Miami, FL, USA
Date :
Nov. 30 2010-Dec. 3 2010
Abstract :
One of the underpinnings of Cloud Computing security is the runtime integrity of individual Cloud servers. Due to the on-going discovery of runtime software vulnerabilities like buffer overflows, it is critical to be able to gauge the integrity of a Cloud server as it operates. In this paper, we propose scoped invariants as a primitive for analyzing the software system for its integrity properties. We report our experience with the modeling and detection of scoped invariants. The Xen Virtual Machine Manager is used for a case study. Our research detects a set of essential scoped invariants that are critical to the runtime integrity of Xen. One such property, that the addressable memory limit of a guest OS must not include Xen's code and data, is indispensable for Xen's guest isolation mechanism. The violation of this property demonstrates that the attacker only needs to modify a single byte in the Global Descriptor Table to achieve his goal.
Keywords :
cloud computing; data integrity; security of data; virtual machines; Xen virtual machine manager; cloud computing security; cloud server; global descriptor table; runtime integrity; scoped invariant perspective; software vulnerabilities; Cloud computing; Monitoring; Runtime; Security; Servers; Software; Software measurement; Xen; integrity modeling; invariants detection; tools
Conference_Title :
Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second International Conference on
Conference_Location :
Indianapolis, IN
Print_ISBN :
978-1-4244-9405-7
Electronic_ISBN :
978-0-7695-4302-4
DOI :
10.1109/CloudCom.2010.29