OB‐IMA: out‐of‐the‐box integrity measurement approach for guest virtual machines

Abstract

SummaryInfrastructure as a Service cloud provides elasticity and scalable virtual machines (VMs) as computing service to multiple tenants, but the tenants lose the full control of their data. Measuring the integrity of critical files of the VMs and providing the integrity attestation to the tenants on the basis of TCG trusted computing techniques is an effective way to alleviate their anxiety. This paper considers how to measure the integrity of the processes run in guest VMs and files opened in guest VMs. We propose an out‐of‐the‐box integrity measurement approach to measure the integrity of critical files through system call (syscall) interception without any modification of the guest VMs. Out‐of‐the‐box integrity measurement approach can not only measure the integrity of all files that have been considered by existing approaches but also measure the integrity of the system configuration files, program loaders, and script interpreters, which affect the system behaviors and integrity. The ability of supporting both system and manual measurement policies makes our approach flexible. We implement this approach in Xen hypervisor with little modification of the existing syscall interception method, and this approach can be ported to other virtualization platform easily. Copyright © 2014 John Wiley & Sons, Ltd.