TY - GEN
T1 - VM introspection-based allowlisting for IaaS
AU - Fargo, Farah
AU - Franza, Olivier
AU - Tunc, Cihan
AU - Hariri, Salim
N1 - Publisher Copyright: © 2020 IEEE.
PY - 2020/12/14
Y1 - 2020/12/14
AB - Cloud computing has become the main backend of the IT infrastructure as it provides ubiquitous and on-demand computing to serve a wide range of users, including end-users and high-performance demanding agencies. The users can allocate and free resources for their Virtual Machines (VMs) as needed. However, with the rapid growth of interest in cloud computing systems, several issues have arisen, especially in the domain of cybersecurity. It is a known fact that not only can malicious users freely allocate VMs, but they can also infect victims' VMs to run their own tools, which include cryptocurrency mining, ransomware, or cyberattacks against others. Even though intrusion detection systems (IDS) exist, running an IDS on every VM can be a costly process, and it would require fine configuration that only a small subset of cloud users are knowledgeable about. Therefore, to overcome this challenge, in this paper we present a VM introspection-based allowlisting method to be deployed and managed directly by the cloud providers to check whether any malicious software is running on the VMs with minimum user intervention. Our middleware monitors the processes, and if it detects unknown events, it will notify the users and/or can take action as needed.
KW - Cloud attacks
KW - Cloud computing
KW - IaaS
KW - Infrastructure as a service
KW - Virtual machine introspection VMI
UR - http://www.scopus.com/inward/record.url?scp=85100944533&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85100944533&partnerID=8YFLogxK
U2 - 10.1109/IOTSMS52051.2020.9340190
DO - 10.1109/IOTSMS52051.2020.9340190
M3 - Conference contribution
AN - SCOPUS:85100944533
T3 - 2020 7th International Conference on Internet of Things: Systems, Management and Security, IOTSMS 2020
BT - 2020 7th International Conference on Internet of Things
A2 - Boubchir, Larbi
A2 - Benkhelifa, Elhadj
A2 - Jararweh, Yaser
A2 - Saleh, Imad
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 7th International Conference on Internet of Things: Systems, Management and Security, IOTSMS 2020
Y2 - 14 December 2020 through 16 December 2020
ER -