Counteracting security attacks in virtual machines in the cloud using property based attestation

Journal of Network and Computer Applications

Volumn 40, Issue 1, 2014, Pages 31-45

  Varadharajan, Vijay ^a   Tupakula, Udaya ^a  

^a MACQUARIE UNIVERSITY   (Australia)

Author keywords

Cloud; Malware; Rootkits; TPM attestation; Trusted computing; Virtual machine monitors; Zero day attacks

Indexed keywords

CLOUDS; DISTRIBUTED DATABASE SYSTEMS; SALES;

MALWARES; ROOTKITS; TPM ATTESTATION; TRUSTED COMPUTING; VIRTUAL MACHINE MONITORS; ZERO DAY ATTACK;

COMPUTER SIMULATION;

EID: 84896399206     PISSN: 10848045     EISSN: 10958592     Source Type: Journal    
DOI: 10.1016/j.jnca.2013.08.002     Document Type: Article

References (32)

1. Amazon Inc. Amazon Elastic Compute Cloud (Amazon EC2). 〈http://aws.amazon.com/ec2/âŒ.
2. Barham, Paul Dragovic, Boris Fraser, Keir Hand, Steven Harris Tim, Ho Alex, et al. Xen and the art of virtualization. In: Proceedings of the nineteenth ACM symposium on operating systems principles. Bolton Landing, NY, USA; October 2003.
3. Berger S, Caceres, R, Goldman KA, Perez R, Sailer R, Van Doorn L.vTPM: Virtualizing the trusted platform module. In: Proceedings of the 15th USENIX security symposium, Berkeley, CA, USA. USENIX Association; 2006.
4. Blaze M, Feigenbaum J, Lacy J. Decentralized trust management. Security and Privacy. In: Proceedings of the IEEE symposium on security and privacy, Oakland, CA, USA: IEEE Computer Society; 1996. p.164-73
5. Blaze M, Feigenbaum J, Ioannidis J, Keromytis A. The KeyNote trust-management system version 2. RFC 2704; September 1999.
6. DeTreville J.Binder: a logic-based security language. In: Proceedings of the 2002 IEEE symposium on security and privacy, Washington, DC, USA: IEEE Computer Society; 2002.
7. Ferraiolo D, Kuhn R. Role-based access control. In: Proceedings of the 15th NIST-NCSC National Computer Security Conference; 1992. p. 554-63.
8. Flexiant Inc. Flexiscale public cloud. 〈http://www. flexiant.com/products/flexiscale/âŒ.
9. Herzberg A, Mass Y, Michaeli J, Ravid Y, Naor D. Access control meets public key infrastructure, or assigning roles to strangers. In: Proceedings of the IEEE symposium on security and privacy, Washington DC, USA: IEEE Computer Society; 2000.
10. Jajodia S, Samarati P, Subrahmanian VS. A logical language for expressing authorizations. In: SP '97: proceedings of the 1997 IEEE symposium on Security and privacy, Washington, DC, USA: IEEE Computer Society; 1997. p. 31.
11. Li N, Mitchell JC. Rt: a role-based trust-management framework. In: Proceedings of the third DARPA information survivability conference and exposition. IEEE Computer Society; 2003. p. 201-12.
12. Li Xiao-Yong, Zhou Li-Tao, Shi Yong, Guo Yu. A trusted computing environment model in cloud architecture. In: Proceedings of 9th international conference on machine learning and cybernetics, Qingdao; July 2010.
13. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver Inside the slammer worm IEEE Security and Privacy 1 2003 4
14. Nagarajan A, Varadharajan V, Hitchens M, Gallery E. Property based attestation and trusted computing: analysis and challenges. In: Proceedings of the international conference on network and system security, vol. 0; 2009. p. 278-85.
15. Newsome J, Song D. Dynamic taint analysis: automatic detection and generation of software exploit attacks. In: Proceedings of NDSS; February 2005.
16. Nurmi D, Wolski R, Grzegorczyk C, Obertelli G, Soman S, Youseff L, et al. The eucalyptus open-source cloud-computing system. In: Proceedings of the 9th IEEE/ACM international symposium on cluster computing and the grid, Shanghai, China; May 2009.
17. G. Popek, and R. Goldberg Formal requirements for virtualizable 3rd generation architectures Communications of the ACM 17 7 1974 412 421
18. Poritz J, Schunter M, Herreweghen EV, Waidner M. Property attestation: scalable and privacy-friendly security assessment of peer computers. IBM Research. Technical Report; May 2004.
19. Sadeghi A-R, Sẗuble C. property-based attestation for computing platforms: Caring about properties, not mechanisms. In: Proceedings of the 2004 Workshop on New Security Paradigms NSPW '04. USA: ACM; 2004. p. 67-77.
20. Shin Seungwon, Gu Guofei. Conficker and beyond: a large-scale empirical study. In: Proceedings of ACSAC 2010, Texas, USA; December 2010.
21. J.E. Smith, and Ravi Nair The architecture of virtual machines IEEE Internet Computing 2005
22. Brett Stone-Gross, Marco Cova, Bob Gilbert, Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna Analysis of a Botnet takeover IEEE Security and Privacy 2010
23. S. Subashini, and V. Kavitha A survey on security issues in service delivery models of cloud computing Journal of Network and Computer Applications 34 1 2011 1 11
24. Szefer Jakub, Keller Eric, Lee Ruby B, Rexford Jennifer. Eliminating the hypervisor attack surface for a more secure cloud. In: Proceedings of the 18th ACM conference on computer and communications security, Chicago, USA; October 2011.
25. TCG. TPM main - part 1 design principles. Version 1.2, revision 103. Trusted Computing Group; July 2007.
26. Hassan Takabi, James B.D. Joshi, and Gail-Joon Ahn Security and privacy challenges in cloud computing environments IEEE Security & Privacy 2010
27. Team TR. Rackspace cloud. 〈http://www.rackspacecloud. com/âŒ.
28. The Nimbus Team. Nimbus project. 〈http://www. nimbusproject.org/âŒ
29. Trieu C Chieu, Mohindra Ajay, Karve Alexei A, Segal Alla. Dynamic scaling of web applications in a virtualized cloud computing environment. In: Proceedings of IEEE international conference on e-Business engineering; 2009.
30. VMI tools. 〈https://code.google.com/p/vmitools/ âŒ
31. XenAccess Library. Available at: 〈http://code.google. com/p/xenaccess/âŒ
32. Zhang Fengzhe, Chen Jin, Chen Haibo, Zang Binyu. CLOUDVISor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In: Proceedings of 23rd ACM symposium on operating systems principles (SOSP), Portugal; October 2011.