TY - JOUR
T1 - Introspecting for RSA Key Material to Assist Intrusion Detection
AU - Saxon, John
AU - Bordbar, Behzad
AU - Harrison, Keith
PY - 2015/9/1
Y1 - 2015/9/1
N2 - Although the deployment of TLS has been of great importance to its users in preventing eavesdroppers from reading personal data, it also prevents intrusion detection systems (IDSs) from completing their own tasks, as they are, in essence, eavesdroppers themselves. Cloud providers specifically are at risk because of the pure mass of data they accrue over the many applications they serve, so they have a responsibility to protect both themselves and their users. Without the keys, however, they can't provide the service they require. A method to acquire these keys is to use virtual machine introspection (VMI), a technique that allows an application to read the internal state of a virtual machine. Current methods are expensive and require the application to read the entire virtual machine's memory. The authors present an efficient approach to acquire RSA keys, commonly used on the Internet, using the forensic virtual machine (FVM) framework. This framework provides the ability, from another virtual machine, to use VMI to find, analyze, and act on these findings.
AB - Although the deployment of TLS has been of great importance to its users in preventing eavesdroppers from reading personal data, it also prevents intrusion detection systems (IDSs) from completing their own tasks, as they are, in essence, eavesdroppers themselves. Cloud providers specifically are at risk because of the pure mass of data they accrue over the many applications they serve, so they have a responsibility to protect both themselves and their users. Without the keys, however, they can't provide the service they require. A method to acquire these keys is to use virtual machine introspection (VMI), a technique that allows an application to read the internal state of a virtual machine. Current methods are expensive and require the application to read the entire virtual machine's memory. The authors present an efficient approach to acquire RSA keys, commonly used on the Internet, using the forensic virtual machine (FVM) framework. This framework provides the ability, from another virtual machine, to use VMI to find, analyze, and act on these findings.
U2 - 10.1109/MCC.2015.100
DO - 10.1109/MCC.2015.100
M3 - Article
SN - 2325-6095
VL - 2
SP - 30
EP - 38
JO - IEEE Cloud Computing
JF - IEEE Cloud Computing
IS - 5
ER -