http://dx.doi.org/10.13089/JKIISC.2017.27.4.775

Computationally Efficient Instance Memory Monitoring Scheme for a Security-Enhanced Cloud Platform  

Choi, Sang-Hoon (Sejong Univ. SysCore Lab.)
Park, Ki-Woong (Sejong Univ. Dept. of Computer and Information Security)
Abstract
As interest in cloud computing grows, the number of users using cloud computing services is increasing. However, cloud computing technology has been steadily challenged by security concerns. Therefore, various security breaches are springing up to enhance the system security for cloud services users. In particular, research on the detection of malicious VMs (Virtual Machines) is actively underway through the introspection of virtual machines on the cloud platform. However, memory analysis technology is not used as a monitoring tool in environments where multiple virtual machines run on a single server platform, due to obstructive monitoring overhead. As a remedy to this challenging issue, we propose a computationally efficient instance memory introspection scheme to minimize the overhead that occurs in memory dumps and to monitor it through partial memory monitoring based on a well-defined kernel memory map library.
Keywords
Cloud Computing; VM Introspection; Computational Efficiency;