A VMM-based intrusion prevention system in cloud computing environment

Authors: Hai Jin, Guofu Xiang, Deqing Zou, Song Wu, Feng Zhao

DOI: 10.1007/S11227-011-0608-2

Keywords: Grid computing, Cloud testing, Computer science, Computer network, Utility computing, Hypervisor, Cloud computing security, Virtualization, Cloud computing, Virtual machine, Full virtualization, Distributed computing, End-user computing

Abstract: With the development of information technology, cloud computing becomes a new direction of grid computing. Cloud is user-centric, and provides end users with leasing service. Guaranteeing the security of user data needs careful consideration before it is widely applied in business. A virtualization approach to solving traditional problems can be taken as the underlying infrastructure. In this paper, we propose an intrusion prevention system, VMFence, in a virtualization-based environment, which is used to monitor network flow and file integrity in real time, and to provide defense and protection as well. Due to the dynamicity of the virtual machine, the detection process varies with the state of the machine. The transition of the machine is described via Definite Finite Automata (DFA). We have implemented VMFence on an open-source platform, Xen. The experimental results show that our proposed method is effective and that it brings acceptable overhead.
