
A Security Management Architecture for the Protection of Kernel Virtual Machines

2 Author(s)
Flavio Lombardi ; DCSPI -Sist. Informativi, Consiglio Naz. delle Ric., Rome, Italy ; Roberto Di Pietro

Virtualization is being pervasively adopted in a variety of scenarios ranging from regular desktop PCs to server farms and clusters. Indeed, the security of guest virtual machines and of the applications and services they host can be improved by leveraging the additional architectural layer introduced by such a technology. This paper discusses security management for virtualized environments and provides several contributions. First, a novel architecture (Kvm-SMA) with the following features is detailed: it can protect guest integrity from both remote and local attacks such as root-kits, viruses, and worms; it is not circumventable and it is completely transparent to guest machines; it can asynchronously analyze guest data and monitor guest system behavior. Second, the proposed architecture has been implemented entirely on open source software and can be replicated to both Linux and Windows guests. Third, the effectiveness and efficiency of the proposed architecture are shown. The former is proved by showing the results of a root-kit detection test, while the latter is supported by standard performance tests showing that the introduced overhead is small. Finally, a distinguishing feature of our monitoring system proposal is that it is immune to timing attacks: that is, an adversary cannot notice that the monitoring system is active by analyzing the time required to perform system calls. We believe that security management of both single virtualized hosts and distributed virtualized systems can benefit from our proposal.

Published in:

Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on

Date of Conference:

June 29 2010-July 1 2010