Efficient retrieval of key material for inspecting potentially malicious traffic in the cloud

John T. Saxon, Behzad Bordbar, Keith Harrison

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

5 Citations (Scopus)

Abstract

Cloud providers must detect malicious traffic in and out of their network, virtual or otherwise. The use of Intrusion Detection Systems (IDS) has been hampered by the encryption of network communication. The result is that current signatures cannot match potentially malicious requests. A method to acquire the encryption keys is Virtual Machine Introspection (VMI). VMI is a technique to view the internal, and yet raw, representation of a Virtual Machine (VM). Current methods to find keys are expensive and use sliding windows or entropy. This inevitably requires reading the memory space of the entire process, or worse the OS, in a live environment where performance is paramount. This paper describes a structured walk of memory to find keys, particularly RSA, using as few reads from the VM as possible. In doing this we create a scalable mechanism to populate an IDS with keys to analyse traffic.

Original language: English
Title of host publication: Proceedings - 2015 IEEE International Conference on Cloud Engineering, IC2E 2015
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 155-164
Number of pages: 10
ISBN (Print): 9781479982189
DOIs
Publication status: Published - 2015
Event: 2015 IEEE International Conference on Cloud Engineering, IC2E 2015 - Tempe, United States
Duration: 9 Mar 2015 → 12 Mar 2015

Conference

Conference: 2015 IEEE International Conference on Cloud Engineering, IC2E 2015
Country/Territory: United States
City: Tempe
Period: 9/03/15 → 12/03/15

ASJC Scopus subject areas

  • Software
  • Control and Systems Engineering
  • Computer Networks and Communications
  • Hardware and Architecture
