Abstract

Virtual machine introspection (VMI) is a valuable approach for malware analysis and forensic evidence collection on virtual machines. However, there are no feasible solutions for using it in the production systems of cloud providers. In this paper, we present the CloudPhylactor architecture. It harnesses the mandatory access control of Xen to grant dedicated monitoring virtual machines the rights to access the main memory of other virtual machines in order to run introspection operations. This allows customers to create monitoring virtual machines that can perform VMI-based operations on their production virtual machines. With our prototype implementation, we show that our approach does not introduce performance drawbacks and gives cloud customers full control over introspection on their virtual machines. We also show that the impact of successful attacks on the monitoring framework is reduced.
