A security management architecture for the protection of kernel virtual machines

Flavio Lombardi, Roberto Di Pietro

Research output: Chapter in Book/Report/Conference proceeding - Conference contribution

7 Scopus citations

Abstract

Virtualization is being pervasively adopted in a variety of scenarios ranging from regular desktop PCs to server farms and clusters. Indeed, the security of guest virtual machines and of the applications and services they host can be improved by leveraging the additional architectural layer introduced by such a technology. This paper discusses security management for virtualized environments and provides several contributions. First, a novel architecture (Kvm-SMA) with the following features is detailed: it can protect guest integrity from both remote and local attacks such as root-kits, viruses, and worms; it is not circumventable and it is completely transparent to guest machines; it can asynchronously analyze guest data and monitor guest system behavior. Second, the proposed architecture has been implemented entirely on open source software and can be replicated to both Linux and Windows guests. Third, the effectiveness and efficiency of the proposed architecture are shown. The former is proved by showing the results of a root-kit detection test, while the latter is supported by standard performance tests showing that the introduced overhead is small. Finally, a distinguishing feature of our monitoring system proposal is that it is immune to timing attacks: that is, an adversary cannot notice that the monitoring system is active by analyzing the time required to perform system calls. We believe that security management of both single virtualized hosts and distributed virtualized systems can benefit from our proposal. © 2010 IEEE.
Original language: English (US)
Title of host publication: Proceedings - 10th IEEE International Conference on Computer and Information Technology, CIT-2010, 7th IEEE International Conference on Embedded Software and Systems, ICESS-2010, ScalCom-2010
Pages: 948-953
Number of pages: 6
State: Published - Nov 19 2010
Externally published: Yes
