Abstract
The Cloud attempts to provide its users with automatically scalable platforms to host many applications and operating systems. To allow for quick deployment, these are often homogenised to a few images, restricting the variations used within the Cloud. An exploitable vulnerability stored within an image means that each instance will suffer from it and, as a result, an attacker can be sure of a high pay-off for their time. This makes the Cloud a prime target for malicious activities. There is a clear requirement to develop an automated and computationally inexpensive method of discovering malicious behaviour as soon as it starts, such that remedial action can be adopted before substantial damage is caused. In this paper, we propose the use of Mini-OS, a virtualised operating system that uses minimal resources on the Xen virtualisation platform, for analysing the memory space of other guest virtual machines. These detectors, which we call Forensic Virtual Machines (FVMs), are lightweight such that they are inherently computationally cheap to run. Such a small footprint allows the physical host to run numerous instances to find symptoms of malicious behaviour whilst potentially limiting attack vectors. We describe our experience of developing FVMs and how they can be used to complement existing methods to combat malware. We also evaluate them in terms of performance and the resources that they require.
Original language | English |
---|---|
Title of host publication | Proceedings - 2014 IEEE International Conference on Cloud Engineering, IC2E 2014 |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 303-310 |
Number of pages | 8 |
ISBN (Print) | 9781479937660 |
Publication status | Published - 18 Sept 2014 |
Event | 2nd IEEE International Conference on Cloud Engineering, IC2E 2014 - Boston, United States. Duration: 10 Mar 2014 → 14 Mar 2014 |
Conference
Conference | 2nd IEEE International Conference on Cloud Engineering, IC2E 2014 |
---|---|
Country/Territory | United States |
City | Boston |
Period | 10/03/14 → 14/03/14 |
Keywords
- cloud computing
- forensics
- introspection
- intrusion detection
- monitoring
- security
- virtual machine
- virtualization
- Xen
ASJC Scopus subject areas
- Software