Introspecting for RSA Key Material to Assist Intrusion Detection

John Saxon, Behzad Bordbar, Keith Harrison

Research output: Contribution to journal › Article › peer-review

2 Citations (Scopus)

Abstract

Although the deployment of TLS has been of great importance to its users in preventing eavesdroppers from reading personal data, it also prevents intrusion detection systems (IDSs) from completing their own tasks, as they are, in essence, eavesdroppers themselves. Cloud providers specifically are at risk because of the sheer mass of data they accrue over the many applications they serve, so they have a responsibility to protect both themselves and their users. Without the keys, however, they can't provide the service they require. A method to acquire these keys is to use virtual machine introspection (VMI), a technique that allows an application to read the internal state of a virtual machine. Current methods are expensive and require the application to read the entire virtual machine's memory. The authors present an efficient approach to acquire RSA keys, commonly used on the Internet, using the forensic virtual machine (FVM) framework. This framework provides the ability, from another virtual machine, to use VMI to find, analyze, and act on these findings.

Original language: English
Pages (from-to): 30-38
Journal: IEEE Cloud Computing
Volume: 2
Issue number: 5
Publication status: Published - 1 Sept 2015
