File(s) under permanent embargo

CloudSec: a security monitoring appliance for virtual machines in the IaaS cloud model

conference contribution
posted on 2011-11-17, 00:00 authored by Amani Ibrahim, J Hamlyn-Harris, John Grundy, M Almorsy
The Infrastructure-as-a-Service (IaaS) cloud computing model has become a compelling computing solution with a proven ability to reduce costs and improve resource efficiency. Virtualization has a key role in supporting the IaaS model. However, virtualization also makes it a target for potent rootkits because of the loss of control problem over the hosted Virtual Machines (VMs). This makes traditional in-guest security solutions, relying on operating system kernel trustworthiness, no longer an effective solution to secure the virtual infrastructure of the IaaS model. In this paper, we explore briefly the security problem of the IaaS cloud computing model, and present CloudSec, a new virtualization-aware monitoring appliance that provides active, transparent and real-time security monitoring for hosted VMs in the IaaS model. CloudSec utilizes virtual machine introspection techniques to provide fine-grained inspection of VM's physical memory without installing any monitoring code inside the VM. It actively reconstructs and monitors the dynamically changing kernel data structures instances, as a prior step to enable providing protection for kernel data structures. We have implemented a proof-of-concept prototype using VMsafe libraries on a VMware ESX platform. We have evaluated the system monitoring accuracy and the performance overhead of CloudSec.



Network and System Security. International Conference (5th : 2011 : Milan, Italy)


113 - 120




Milan, Italy

Place of publication

Piscataway, N.J.

Start date


End date






Publication classification

E Conference publication; E1.1 Full written paper - refereed

Copyright notice

2011, IEEE

Title of proceedings

NSS 2011 : Proceedings of the 5th International Conference on Network and System Security 2011