Abstract
Cloud computing has a most vulnerable security concerns as virtualization. This paper presents a Trace-enable Virtualization protection framework named TVGuarder, which protects IaaS user's important data from being illegally accessed or maliciously damaged by insider attacks. A threat model is established to characterize cloud-oriented insider attacks and countermeasures are proposed in TVGuarder. First, LSM hooks in host OS kernel are leveraged to enforce that VM images could only be accessed by host virtualization service. Second, a trusted loading mechanism is proposed to prevent tampered or disguised virtualization process from being executed in Host OS. Third, a log-based back tracing mechanism is designed to record full call trace of VM operations and guarantee that only legitimate VM operations are allowed. TVGuarder has been implemented in Openstack platform and several comprehensive experiments are conducted. Experimental results show that TVGuarder can identify several important insider attacks and protect virtual machine images with only a small performance degradation.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: International Journal of Grid and High Performance Computing
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.