Forensic virtual machines: Dynamic defence in the cloud via introspection

Adrian L. Shaw*, Behzad Bordbar, John Saxon, Keith Harrison, Chris I. Dalton

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

14 Citations (Scopus)


The Cloud attempts to provide its users with automatically scalable platforms to host many applications and operating systems. To allow for quick deployment, they are often homogenised to a few images, restricting the variations used within the Cloud. An exploitable vulnerability stored within an image means that each instance will suffer from it and as a result, an attacker can be sure of a high pay-off for their time. This makes the Cloud a prime target for malicious activities. There is a clear requirement to develop an automated and computationally-inexpensive method of discovering malicious behaviour as soon as it starts, such that remedial action can be adopted before substantial damage is caused. In this paper we propose the use of Mini-OS, a virtualised operating system that uses minimal resources on the Xen virtualisation platform, for analysing the memory space of other guest virtual machines. These detectors, which we call Forensic Virtual Machines (FVMs), are lightweight such that they are inherently computationally cheap to run. Such a small footprint allows the physical host to run numerous instances to find symptoms of malicious behaviour whilst potentially limiting attack vectors. We describe our experience of developing FVMs and how they can be used to complement existing methods to combat malware. We also evaluate them in terms of performance and the resources that they require.

Original language: English
Title of host publication: Proceedings - 2014 IEEE International Conference on Cloud Engineering, IC2E 2014
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Number of pages: 8
ISBN (Print): 9781479937660
Publication status: Published - 18 Sept 2014
Event: 2nd IEEE International Conference on Cloud Engineering, IC2E 2014 - Boston, United States
Duration: 10 Mar 2014 - 14 Mar 2014

Conference: 2nd IEEE International Conference on Cloud Engineering, IC2E 2014
Country/Territory: United States


  • cloud computing
  • forensics
  • introspection
  • intrusion detection
  • monitoring
  • security
  • virtual machine
  • virtualization
  • Xen

ASJC Scopus subject areas

  • Software

