Visible to the public VM Introspection-based Allowlisting for IaaS

TitleVM Introspection-based Allowlisting for IaaS
Publication TypeConference Paper
Year of Publication2020
AuthorsFargo, Farah, Franza, Olivier, Tunc, Cihan, Hariri, Salim
Conference Name2020 7th International Conference on Internet of Things: Systems, Management and Security (IOTSMS)
Date PublishedDec. 2020
ISBN Number978-0-7381-2460-5
Keywordscloud attacks, cloud computing, composability, IaaS, infrastructure as a service, Intrusion detection, middleware, Monitoring, policy-based governance, pubcrawl, ransomware, resilience, Resiliency, Tools, virtual machine introspection VMI, Virtual machining
AbstractCloud computing has become the main backend of the IT infrastructure as it provides ubiquitous and on-demand computing to serve to a wide range of users including end-users and high-performance demanding agencies. The users can allocate and free resources allocated for their Virtual Machines (VMs) as needed. However, with the rapid growth of interest in cloud computing systems, several issues have arisen especially in the domain of cybersecurity. It is a known fact that not only the malicious users can freely allocate VMs, but also they can infect victims' VMs to run their own tools that include cryptocurrency mining, ransomware, or cyberattacks against others. Even though there exist intrusion detection systems (IDS), running an IDS on every VM can be a costly process and it would require fine configuration that only a small subset of the cloud users are knowledgeable about. Therefore, to overcome this challenge, in this paper we present a VM introspection based allowlisting method to be deployed and managed directly by the cloud providers to check if there are any malicious software running on the VMs with minimum user intervention. Our middleware monitors the processes and if it detects unknown events, it will notify the users and/or can take action as needed.
Citation Keyfargo_vm_2020