Abstract
In the last several years, an increasing number of attacks targeting services running on computing systems have been designed and deployed. Such attacks typically tend to overuse some of the system resources, e.g., CPU, memory, or storage. Current solutions are attack specific, i.e., they are designed for a specific malware or a specific set of malware that share the same resource usage profile and are mainly based on the underlying hypothesis that it is possible to measure the amount of resources used by each service under control. Such possibility is clearly available within modern operating systems, but using such measuring tools is nontrivial and limits their applicability. The advent of user-level virtualization systems may change this attitude. In this paper, we propose and validate a methodology for simplifying the measurements of resources used by a software service. Our approach uses the isolation properties of a containerized virtualization system in order to properly measure all the resources used by a specific service, even if it splits itself into different workers. At the same time, using the resource limitation functionalities provided by the virtualization system, we propose a methodology that can be used to limit the effects of malware by limiting the amount of resources that can be accessed on a system. In order to demonstrate the effectiveness of our approach, we consider the specific case of attacks targeting the overuse of power consumption.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: IEEE Transactions on Instrumentation and Measurement
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.