Qiang Wu,Ran Wang,Xincheng Yan,Chunming Wu,Rongxing Lu

DOI: https://doi.org/10.1109/MWC.001.2100251

IF: 12.777

2022-01-01

IEEE Wireless Communications

Abstract:Opening-up sharing has prompted the multi-tenancy architecture, whereby different vendors (including outsourcees) work together with network operators to form a vibrant service ecosystem, resulting in several advantages as well as risks. In particular, the static nature of existing architectures in network functions virtualization-based (NFV-based) clouds facilitate hacking. Thus, much attention has been focused on determining how to avoid the uncontrollable cloud security induced by complex production relations and non-trustworthy software/hardware sources when the two sets of security risks intersect. In this article, we investigate latent persistent threats against cloud environments and determine a high degree of complementarity and consistency between the NFV-based cloud environment and the dynamic defense concept. More specifically, new NFV-based cloud features provide an effective implementation for dynamic defense, while the generalized robustness of dynamic defense theory allows for high security gains. Intrinsic cloud security (iCS) is then proposed to align NFV-based clouds, mimicking defense and the moving target defense (MTD) paradigm to implement a seamless integration and symbiosis evolution between security and NFV-based clouds. We quantify the impact on system overhead to account for efficiency and cost issues. The simulation analysis demonstrates that the enhanced mode is able to consistently obtain a more beneficial and stable defense compared with the counterparts.

Yaqiang Mao,Xujian Chen,Yuan Luo

DOI: https://doi.org/10.1049/cp.2014.1285

2014-01-01

Abstract:As a basic cloud service model, the Infrastructure-as-aService (IaaS) provides fundamental computing resources for PaaS and SaaS with a guaranteed ability to reduce costs and improve resource efficiency. Virtualization plays a crucial role to support the IaaS. However, it is not safety because of exposing the hosted virtual machines (VMs) to uncontrollable environment. In addition, traditional in-guest security solutions, relying on operation system kernel trustworthiness, are no longer effective to virtual infrastructure. In this paper, we introduce HVSM (Hybrid Virtualization Security Monitor) to deal with above security problems, which is a new In-OutVM hybrid virtualization-aware architecture depending on lightweight, comprehensive and dynamic security monitoring. First, as to Hybrid, HVSM utilizes virtual machine introspection technique to inspect kernel running state of the guest VM (GVM) from outside. Inside the GVM, measure agent (MA) tests and delivers processes' integrity information to security VM (SVM). In succession, MA is in the guard of measure agent keeper (MAK) running in the SVM. Second, dynamically, HVSM combines kernel state information with processes' integrity so as to provide a security report on GVM. Third, a proof-of-concept prototype is implemented using libvmi based on Xen hypervisor. Finally, we evaluate efficiency and the performance overhead of HVSM, which is acceptably low to support real-time monitoring.

Si Yu,Xiaolin Gui,Jiancai Lin,Feng Tian,Jianqiang Zhao,Min Dai

DOI: https://doi.org/10.1155/2014/805923

2014-01-01

The Scientific World JOURNAL

Abstract:Cloud computing gets increasing attention for its capacity to leverage developers from infrastructure management tasks. However, recent works reveal that side channel attacks can lead to privacy leakage in the cloud. Enhancing isolation between users is an effective solution to eliminate the attack. In this paper, to eliminate side channel attacks, we investigate the isolation enhancement scheme from the aspect of virtual machine (VM) management. The security-awareness VMs management scheme (SVMS), a VMs isolation enhancement scheme to defend against side channel attacks, is proposed. First, we use the aggressive conflict of interest relation (ACIR) and aggressive in ally with relation (AIAR) to describe user constraint relations. Second, based on the Chinese wall policy, we put forward four isolation rules. Third, the VMs placement and migration algorithms are designed to enforce VMs isolation between the conflict users. Finally, based on the normal distribution, we conduct a series of experiments to evaluate SVMS. The experimental results show that SVMS is efficient in guaranteeing isolation between VMs owned by conflict users, while the resource utilization rate decreases but not by much.

Si Yu,Xiaolin Gui,Feng Tian,Pan Yang,Jianqiang Zhao

DOI: https://doi.org/10.1109/hpcc.and.euc.2013.152

2013-01-01

Abstract:Recent work reveals that side channel attacks (SCA) can lead to leakage of user privacy in the cloud. Enhancing the isolation between users is an effective solution to eliminate the attacks. However, to achieve the stronger isolation, the existing schemes require the sophisticated decision making systems and specific monitoring systems, which may degrade the efficiency of the system. In this paper, to eliminate the SCA, we investigate the isolation enhancement from a novel perspective - VM placement. And the security-awareness VMs placement scheme (SVMPS) is proposed. In this scheme, we use the aggressive conflict of interest relation (ACIR) to describe the constraint relations for users; based on the Chinese wall policy, we put forward the isolation rules to formulate the VMs placement behavior; according to the isolation rules, we design the VMs placement solution calculated algorithm to enforce the VMs placement. The experimental results demonstrate that SVMPS is efficient in guaranteeing the isolation between conflict users, while the resource utilization rate decreases not too much.

Maziar Janbeglou,WeiQi Yan

DOI: https://doi.org/10.1007/978-3-642-30867-3_42

2013-01-01

Abstract:Cloud computing has been introduced as a tool for improving IT proficiency and business responsiveness for organizations as it delivers flexible hardware and software services as well as providing an array of fundamentally systematized IT processes. Despite its many advantages, cloud computing security has been a major concern for organizations that are making the transition towards usage of this technology. In this paper, we focus on improving cloud computing security by managing and isolating shared network resources in bridge-mode hypervisors.

Fengzhe Zhang,Jin Chen,Haibo Chen,Binyu Zang

DOI: https://doi.org/10.1145/2043556.2043576

2011-01-01

Abstract:Multi-tenant cloud, which usually leases resources in the form of virtual machines, has been commercially available for years. Unfortunately, with the adoption of commodity virtualized infrastructures, software stacks in typical multi-tenant clouds are non-trivially large and complex, and thus are prone to compromise or abuse from adversaries including the cloud operators, which may lead to leakage of security-sensitive data.In this paper, we propose a transparent, backward-compatible approach that protects the privacy and integrity of customers' virtual machines on commodity virtualized infrastructures, even facing a total compromise of the virtual machine monitor (VMM) and the management VM. The key of our approach is the separation of the resource management from security protection in the virtualization layer. A tiny security monitor is introduced underneath the commodity VMM using nested virtualization and provides protection to the hosted VMs. As a result, our approach allows virtualization software (e.g., VMM, management VM and tools) to handle complex tasks of managing leased VMs for the cloud, without breaking security of users' data inside the VMs.We have implemented a prototype by leveraging commercially-available hardware support for virtualization. The prototype system, called Cloud Visor, comprises only 5.5K LOCs and supports the Xen VMM with multiple Linux and Windows as the guest OSes. Performance evaluation shows that Cloud Visor incurs moderate slow-down for I/O intensive applications and very small slowdown for other applications.

Weiwen Tang,Zeyu Mi

DOI: https://doi.org/10.1109/sose.2018.00031

2018-01-01

Abstract:In JointCloud computing, the hypervisor used by each cloud plays a key role in providing services and protection for guest virtual machines (VMs). Unfortunately, the commodity hypervisor usually has a considerable attack surface and its memory is especially prone to be tampered with by an attacker who resides in one VM and then threatens the security of other co-located VMs. To mitigate such threat, previous solutions proposed an out-of-the-box design which leverages the nested virtualization to introduce a higher privileged software layer (a nested hypervisor) below the hypervisor. It also installs a security monitor into a trusted VM which is protected by the nested hypervisor and isolated from the untrusted hypervisor. The monitor is responsible for dynamically validating the behaviors of the untrusted hypervisor. Although monitoring from outside of the hypervisor can help ensure security, the large number of context switches caused by the nested virtualization incurs unacceptable overheads and makes this approach unsuitable for the cloud environment. In this paper, we introduce In-Hypervisor Memory Introspection (IHMI), an in-the-box way to monitor the hypervisor based on the nested virtualization. Our system puts the monitor into the untrusted hypervisor for efficiency while guaranteeing the same level of memory security as monitoring the hypervisor from a separated secure VM. By leveraging hardware virtualization features of current processors, IHMI isolates the monitor from the hypervisor via the nested page table and implements an efficient switch between them. Further, IHMI configures a uni-directional mapping for the monitor which allows the monitor to access the hypervisor's memory at native speed while forbidding the hypervisor from accessing the monitor's memory. Our IHMI system is currently still in an early stage and we report our design as well as preliminary evaluation results in this paper.

LIU Yu-tao,CHEN Hai-bo

DOI: https://doi.org/10.11959/j.issn.2096-109x.2016.00091

2016-01-01

Abstract:The virtualization security has increasingly drawn widespread attention with the spread of cloud computing in recent years.Thanks to another level of indirection,virtualization can provide stronger isolation mechanisms,as well as bottom-up security services for upper-level software.On the other side,the extra indirection brings complexity and overhead as well,which poses huge challenges.A series of recent representative work done by the institute of parallel and distributed system shanghai jiaotong university,including providing security services of trusted execution environment,virtual machine monitoring,intra-domain isolation,as well as optimizing trusted computing base and cross-world calls in the virtualization environment.Finally the problems and directions in the space of virtualization security were summarized.

Qian Liu,Chuliang Weng,Minglu Li,Yuan Luo

DOI: https://doi.org/10.1109/MSP.2010.143

IF: 3.105

2010-01-01

IEEE Security & Privacy

Abstract:Cloud computing relies heavily on virtualization. Virtualization technology has developed rapidly because of the rapid decrease in hardware cost and concurrent increase in hardware computing power. A virtual machine monitor (VMM, also called a hγpervisor) between the hardware and the OS enables multiple virtual machines (VMs) to run on top of a single physical machine. The VMM manages scheduling and dispatching the physical resources to the individual VMs as needed, and the VMs appear to users as separate computers. Widely used virtualization technologies include VMWare, Xen, Denali, and the Kernel-Based Virtual Machine (KVM). In this framework, a module measures executables running in virtual machines (VMs) and transfers the values to a trusted VM. Comparing those values to a reference table containing the trusted measurement values of running executables verifies the executable/s status.

Dongyang Zhan,Kai Tan,Lin Ye,Haining Yu,Hao Liu

DOI: https://doi.org/10.32604/cmc.2021.019432

2021-01-01

Abstract:: Cloud computing plays an important role in today’s Internet environment, which meets the requirements of scalability, security and reliability by using virtualization technologies. Container technology is one of the two mainstream virtualization solutions. Its lightweight, high deployment effi-ciency make container technology widely used in large-scale cloud computing. While container technology has created huge benefits for cloud service providers and tenants, it cannot meet the requirements of security monitoring and management from a tenant perspective. Currently, tenants can only run their security monitors in the target container, but it is not secure because the attacker is able to detect and compromise the security monitor. In this paper, a secure external monitoring approach is proposed to monitor target containers in another management container. The management container is transparent for target containers, but it can obtain the executing information of target containers, providing a secure monitoring environment. Security monitors running inside management containers are secure for the cloud host, since the management containers are not privileged. We implement the transparent external management containers by performing the one-way isolation of processes and files. For process one-way isolation, we leverage Linux namespace technology to let management container become the parent of target containers. By mounting the file system of target container to that of the management container, file system one-way isolation is achieved. Compared with the existing host-based monitoring approach, our approach is more secure and suitable in the cloud environment.

Chonghua Wang,Xiao-chun Yun,Zhiyu Hao,Lei Cui,Yandong Han,Qingxin Zou

DOI: https://doi.org/10.1007/978-3-319-27137-8_32

2015-01-01

Abstract:Upon practical implementation of virtual machine introspection (VMI), administrators may be overwhelmed by dozens of research works. Specifically, the adopted introspection mechanism perform differently with regard to various performance and security requirements. Besides, most of previous works do not clarify the boundary between Trusted Computing Base (TCB) and attacks towards introspection. This paper aims to help administrators to determine the appropriate introspection approach. Firstly, we summarize current VMI technologies, and present a classification method mainly depending on whether hardware assistance is required, how it solves the semantic gap problem and how introspection is triggered. Secondly, we discuss how to achieve a good trade-off between the two metrics of performance and security. Thirdly, we propose a TCB threat model to employ VMI along with other enhancing mechanism to tackle attacks in different levels of TCB. Finally, we discuss some future trends related to VMI for further improving security.

Chonghua Wang,Zhiyu Hao,Xiaochun Yun

DOI: https://doi.org/10.1007/978-3-319-75160-3_29

2017-01-01

Abstract:Cloud platforms of large enterprises are witnessing increasing adoption of the Virtual Machine Introspection (VMI) technology for building a wide range of VM monitoring applications including intrusion detection systems, virtual firewall, malware analysis, and live memory forensics. In our analysis and comparison of existing VMI systems, we found that most systems suffer one or more of the following problems: intrusiveness, time lag and OS-dependence, which are not well suited to clouds in practice. To address these problems, we present NOR, a non-intrusive, real-time and OS-agnostic introspection system for virtual machines in cloud environment. It employs event-driven monitoring and snapshot polling cooperatively to reconstruct the memory state of guest VMs. In our evaluation, we show NOR is capable of monitoring activities of guest VMs instantaneously with minor performance overhead. We also design some case studies to show that NOR is able to detect kernel rootkits and mitigate transient attacks for different Linux systems.

Jia Xu,Jia Yan,Liang He,Purui Su,Dengguo Feng

DOI: https://doi.org/10.1109/CloudCom.2010.16

2010-01-01

Abstract:Massive Internet invasions implemented through the distributed platform fabricated by rapid diffusion of malwares, has become a significant issue in network security. We argue that the notion of “Collaborative Security” is an emerging trend in resisting distributed attacks originated from malware. Therefore, this paper proposes a new architecture: CloudSEC, for composing collaborative security-related services in clouds, such as correlated intrusion analysis, anti-spam, anti-DDOS, automated malware detection and containment. CloudSEC is modeled as a dynamic peer-to-peer overlay hierarchy with three types of top-down architectural components. Based on, this architecture, both data distribution and task scheduling overlays can be simultaneously implemented in a loosely coupled fashion, which can efficiently retrieve data resources from heterogeneous network security facilities, and harness distributed collection of computational resources to process data-intensive tasks. Hence, CloudSEC endues the network security infrastructure with the capability of dynamic adaptation and collaboration on an inter-organizational scale. The results of preliminary evaluation demonstrate that, CloudSEC not only delivers a sample service of distributed intrusion correlation with high scalability and robustness, but also achieves remarkable effectiveness in data sharing and task scheduling.

Shantanu Pal,Sunirmal Khatua,Nabendu Chaki,Sugata Sanyal

DOI: https://doi.org/10.48550/arXiv.1108.4100

2011-08-20

Cryptography and Security

Abstract:In order to determine the user's trust is a growing concern for ensuring privacy and security in a cloud computing environment. In cloud, user's data is stored in one or more remote server(s) which poses more security challenges for the system. One of the most important concerns is to protect user's sensitive information from other users and hackers that may cause data leakage in cloud storage. Having this security challenge in mind, this paper focuses on the development of a more secure cloud environment, to determine the trust of the service requesting authorities by using a novel VM (Virtual Machine) monitoring system. Moreover, this research aims towards proposing a new trusted and collaborative agent-based two-tier framework, titled WAY (Who Are You?), to protect cloud resources. The framework can be used to provide security in network, infrastructure, as well as data storage in a heterogeneous cloud platform. If the trust updating policy is based on network activities, then the framework can provide network security. Similarly, it provides storage security by monitoring unauthorized access activities by the Cloud Service Users (CSU). Infrastructure security can be provided by monitoring the use of privileged instructions within the isolated VMs. The uniqueness of the proposed security solution lies in the fact that it ensures security and privacy both at the service provider level as well as at the user level in a cloud environment.

Rui Wu,Ping Chen,Peng Liu,Bing Mao

DOI: https://doi.org/10.1109/DSN.2014.59

2014-01-01

Abstract:Existing VMI techniques have high overhead, and require customized introspection programs/tools for different guest OS versions - lack of generality. In this paper, we present Shadow Context, a system for close-to-real time manual-effort-free VMI. Shadow Context can meet several important real-world VMI needs which existing VMI techniques cannot. Compared to other automatic introspection tool generation techniques, Shadow Contexthas two merits: (1) Its overhead is significantly less. It achieves close-to-real time VMI. (2) It significantly improves the practical usefulness of introspection tools by allowing one introspection program to inspect a variety of guest OS versions. These merits are achieved via a new concept called \"Shadow Context\" which allows the guest OSessystem call code to be reused inside a \"shadowed\" portion of the context of the out-of-guest inspection program. Besides, Shadow Context is secure enough to defend against a variety of real world attacks. Shadow Context is designed, implemented and systematically evaluated. Experimental results show that the performance overhead is about 75%with a median initialization time of 0.117 milliseconds.

Pengze Guo,Yongkai Zhou,Zhi Xue,Xinxing Yin,Liang Pang,Yan Zhu,Xiao Chen,Fangbiao Li

2014-01-01

Abstract:The past decade has witnessed the rapid development of cloud computing. Virtualization, which is the basis of delivering Infrastructure as a Service (IaaS), has led to an explosive growth in the cloud computing industry. Meanwhile, new threats are also introduced. This paper explores different aspects of cloud virtualization security, including security threats of virtualization infrastructure and attacks that can be launched on virtual cloud. The research mainly focuses on hypervisor security, vSwitch security and virtual machine security. The paper also discusses state-of-the-art solutions to those threats, which are beneficial for implementing effective protection methods for virtual cloud environment.

Yubin Xia,Yutao Liu,Haibo Chen

DOI: https://doi.org/10.1109/HPCA.2013.6522323

2013-01-01

Abstract:The privacy and integrity of tenant's data highly rely on the infrastructure of multi-tenant cloud being secure. However, with both hardware and software being controlled by potentially curious or even malicious cloud operators, it is no surprise to see frequent reports of data leakages or abuses in cloud. Unfortunately, most prior solutions require intrusive changes to the cloud platform and none can protect a VM against adversaries controlling the physical machine. This paper analyzes the challenges of transparent VM protection against sophisticated adversaries controlling the whole software and hardware stack. Based on the analysis, this paper proposes HyperCoffer, a hardware-software framework that guards the privacy and integrity of tenant's VMs. HyperCoffer only trusts the processor chip and makes no security assumption on external memory and devices. Hyper-Coffer extends existing processor virtualization with memory encryption and integrity checking to secure data communication with off-chip memory. Unlike prior hardware-based approaches, HyperCoffer retains transparency with existing virtual machines (i.e., operating systems) and requires very few changes to the (untrusted) hypervisor. HyperCoffer introduces a mechanism called VM-Shim that runs in-between a guest VM and the hypervisor. Each VM-Shim instance for a VM runs in a separate protected context and only declassifies necessary information designated by the VM to the hypervisor and external environments (e.g., through NICs). We have implemented a prototype of HyperCoffer in a QEMU-based full-system emulator and the VM-Shim mechanism in a real machine. Performance measurement using trace-based simulation and on a real hardware platform shows that the performance overhead is small (ranging from 0.6% to 13.9% on simulated platform and 0.3% to 6.8% on real hardware for the VM-Shim mechanism).

Pengfei Sun,Qingni Shen,Liang Gu,Yangwei Li

DOI: https://doi.org/10.1109/anthology.2013.6784967

2013-01-01

Abstract:Virtualization technologies enable multi-tenancy cloud business models by providing a scalable, shared resource platform for all tenants. Computing capacity, storage, and network are shared between multi-tenants. However, placing different customers' workloads on the same virtualization platform may lead to security vulnerabilities, which include the failure of mechanisms separating storage, memory, routing, and even reputation between different tenants of the shared infrastructure. The co-location of many customers inevitably causes conflict for the cloud provider as customers' communication security requirements are likely to be divergent from each other. In this paper, we introduce Multi-lateral Security concept to multi-tenancy cloud platform. It is difficult to analyze policies defined by consumers in the same virtualization platform in order to guarantee configuration stability given that policies may have conflicts leading to unpredictable effects. We present the Multilateral Security Architecture for Virtualization platform (VPMS) which enables the multilateral security for consumers.

Yue-hua Dai,Xiaoguang Wang,Yi Shi,Jianbao Ren,Yong Qi

DOI: https://doi.org/10.1109/iccchina.2012.6356995

2012-01-01

Abstract:The use of virtualization in cloud computing is becoming more and more popular. Cloud service providers leverage virtualization technology to multiplex hardware resource, consolidate servers, and provide a rounded executing environment to remote cloud users. However, the current executing environment the cloud provides is not trustable. For a user's computing environment faces threats from other malicious cloud users who aim at attacking the whole underlying virtualization software (virtual machine monitor, VMM, or hypervisor). In this paper, we make an analysis of the potential threat to a commodity hyper-visor, and propose architecture for safe executing environment on hardware-sharing platform. The main ideas of our architecture are: removal of interaction between hypervisor and executing environment; attestation of the initial environment state to remote user. To prove the effectiveness of our architecture, we build a prototype system which can create multiple secure isolated executing environment on current multi-core x86 hardware. The final evaluation shows that with current commodity virtualization techniques, we can provide a safe executing environment for remote cloud users with no performance overhead.

Lifei Wei,Haojin Zhu,Zhenfu Cao,Xiaolei Dong,Weiwei Jia,Yunlu Chen,Athanasios V. Vasilakos

DOI: https://doi.org/10.1016/j.ins.2013.04.028

IF: 8.1

2013-01-01

Information Sciences

Abstract:Cloud computing emerges as a new computing paradigm that aims to provide reliable, customized and quality of service guaranteed computation environments for cloud users. Applications and databases are moved to the large centralized data centers, called cloud. Due to resource virtualization, global replication and migration, the physical absence of data and machine in the cloud, the stored data in the cloud and the computation results may not be well managed and fully trusted by the cloud users. Most of the previous work on the cloud security focuses on the storage security rather than taking the computation security into consideration together. In this paper, we propose a privacy cheating discouragement and secure computation auditing protocol, or SecCloud, which is a first protocol bridging secure storage and secure computation auditing in cloud and achieving privacy cheating discouragement by designated verifier signature, batch verification and probabilistic sampling techniques. The detailed analysis is given to obtain an optimal sampling size to minimize the cost. Another major contribution of this paper is that we build a practical secure-aware cloud computing experimental environment, or SecHDFS, as a test bed to implement SecCloud. Further experimental results have demonstrated the effectiveness and efficiency of the proposed SecCloud.