Abstract

Controlling when and how a process runs is essential to the security of a system. In virtualized environments, an out-of-guest approach to process control is attractive because it allows fine-grained in-guest inspection and enforcement from the relative safety of the hypervisor, which makes in-guest misconfiguration by users or deliberate interference by malware more difficult. However, prior work in this area is incomplete, either lacking policy enforcement, missing certain types of malicious code due to insufficient coverage, or being unable to scale to many simultaneous guests. This work introduces Goalkeeper, a hypervisor-based security system that focuses on asynchronous, stateless, and lightweight Virtual Machine Introspection (VMI) techniques to enforce comprehensive guest process security policies at scale across tens to hundreds of guests per hypervisor. Running beneath each guest, Goalkeeper uses policy rules to ensure only whitelisted guest processes are allowed to execute, and terminates policy violators using a customizable set of VMI-based process termination techniques. In an evaluation across a population of 100 Linux virtual desktops, Goalkeeper is shown to catch malicious code that is missed by prior work while imposing a comparable performance overhead.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Maitland: Lighter-Weight VM Introspection to Support Cyber-security in the Cloud
Chris Benninger ... Yagiz Onat Yazir
-
Chris Benninger, et. al.Chris Benninger ... Yagiz Onat Yazir
01 Jun 2012
Intrusion detection techniques in cloud environment: A survey
Preeti Mishra ... Udaya Tupakula
Journal of Network and Computer Applications | VOL. 77
Preeti Mishra, et. al.Preeti Mishra ... Udaya Tupakula
20 Oct 2016
Exploring VM Introspection
Sahil Suneja ... Canturk Isci
ACM SIGPLAN Notices | VOL. 50
Sahil Suneja, et. al.Sahil Suneja ... Canturk Isci
14 Mar 2015
CloudVMI: A Cloud-Oriented Writable Virtual Machine Introspection
Weizhong Qiang ... Hai Jin
IEEE Access | VOL. 5
Weizhong Qiang, et. al.Weizhong Qiang ... Hai Jin
01 Jan 2017
View more papers

More From: Computers & Security

Paper Title
Journal
Date
Author
Navigating Challenging Terrain Surrounding DoD Response to Homeland Attacks on Critical Infrastructure: Case Studies of Prior Incidents Utilizing an Extended Taxonomy of Cyber Harms
Louis Nolan ... Deanna House
Computers & Security | VOL. -
Louis Nolan, et. al.Louis Nolan ... Deanna House
01 Nov 2024
Covert timing channel detection based on isolated binary trees
Yuwei Lin ... Xiaolong Zhuang
Computers & Security | VOL. -
Yuwei Lin, et. al.Yuwei Lin ... Xiaolong Zhuang
01 Nov 2024
RanSMAP: Open dataset of Ransomware Storage and Memory Access Patterns for creating deep learning based ransomware detectors
Manabu Hirano ... Ryotaro Kobayashi
Computers & Security | VOL. -
Manabu Hirano, et. al.Manabu Hirano ... Ryotaro Kobayashi
01 Nov 2024
Trust my IDS: An explainable AI integrated deep learning-based transparent threat detection system for industrial networks
Shifa Shoukat ... Muhammad Adil
Computers & Security | VOL. -
Shifa Shoukat, et. al.Shifa Shoukat ... Muhammad Adil
01 Nov 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.