
Virtualization Introspection System


DESCRIPTION

Linux Kernel Virtual Machine (KVM) is one of the most common commodity hypervisor drivers deployed in the IaaS layer of clouds. KVM provides a full-virtualization environment that emulates hardware as much as possible, including CPU(s), network interfaces and motherboard chips. KVM converts the Linux kernel into a bare-metal hypervisor and leverages the advanced features of Intel VT-x and AMD-V x86 hardware, thus delivering unsurpassed performance levels.


Page 1: Virtualization Introspection System

VIRTUALIZATION INTROSPECTION SYSTEM ON KVM-BASED CLOUD COMPUTING PLATFORMS

Submitted by, Name:

Roll no: S7 CSE

MZC

Page 2: Virtualization Introspection System

Contents

• Introduction

• Existing system

• Limitations of Existing System

• Proposed System

• Advantages of Proposed System

• Virtualization Techniques for KVM Cloud Systems

• Review of Virtual Introspection System

• Conclusion

• Future Enhancement

• References

Page 3: Virtualization Introspection System

I. Introduction

• Linux Kernel Virtual Machine (KVM) is one of the most common commodity hypervisor drivers deployed in the IaaS layer of clouds.

• KVM provides a full-virtualization environment that emulates hardware as much as possible including CPU(s), network interfaces and mother-board chips.

• KVM converts the Linux kernel into a bare metal hypervisor and it leverages the advanced features of Intel VT-X and AMD-V x86 hardware, thus delivering unsurpassed performance levels.

Page 4: Virtualization Introspection System

• KVM enables organizations to be agile by providing robust flexibility and scalability that fit their specific business demands.

• KVM incorporates Linux security features including SELinux (Security-Enhanced Linux) to add access controls, multi-level and multi-category security as well as policy enforcement.

• As a result, organizations are protected from compromised virtual machines: such VMs remain isolated and cannot be accessed by any other process.

Page 5: Virtualization Introspection System

II. Existing System

• Cloud computing security is an evolving sub-domain of computer security, network security, and, more broadly, information security.

• It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing.

• Cloud security providers integrate the customer's identity management system into their own infrastructure, using federation or SSO technology.

Page 6: Virtualization Introspection System

• Cloud security providers physically secure the IT hardware (servers, routers, cables etc.) against unauthorized access, interference, theft, fires, floods etc.

• Cloud security providers ensure that applications available as a service via the cloud (SaaS) are secure by specifying, designing, implementing, testing and maintaining appropriate security measures.

• Cloud security providers ensure that all critical data (credit card numbers, for example) are masked or encrypted and that only authorized users have access to data in its entirety.

Page 7: Virtualization Introspection System

III. Limitations of Existing System

• Vulnerable to malicious hacking techniques resulting in permanent data loss.

• Account hijacking, which leads to unauthorized access to credentials, activities and transactions, data manipulation, falsified information returns and redirection of clients to illegitimate sites.

• Insecure interfaces and APIs - APIs are integral to security and availability of general cloud services.

Page 8: Virtualization Introspection System

• Denial of service outages can cost service providers and clients dependent on the 24/7 availability of one or more services.

• Loss of encryption keys to encrypted data in a cloud environment results in the loss of the encrypted data.

• Malicious insiders can gain access to a network, system, or data for malicious purposes. In an improperly designed cloud scenario, the damage is even greater.

• Organizations embrace the cloud without fully understanding the cloud environment and associated risks.

Page 9: Virtualization Introspection System

IV. Proposed System

• Virtualization - the abstraction of computer resources.

• Virtualization hides the physical characteristics of computing resources from their users, be they applications, or end users.

• A Virtualization Introspection System (VIS) is implemented that detects and intercepts attacks from VMs by monitoring their status.

Page 10: Virtualization Introspection System

• This includes making a single physical resource (such as a server, an operating system, an application, or storage device) appear to function as multiple virtual resources.

• It makes multiple physical resources (such as storage devices or servers) appear as a single virtual resource.

• VIS can be deployed on most cloud operating systems based on KVM such as OpenStack and OpenNebula.

Page 11: Virtualization Introspection System

V. Advantages of Proposed System

• Resource utilization - VMs execute on the same physical hardware, but with much stronger isolation from each other than IIS's process walls. Lower cost per VM, higher income per unit of hardware.

• Virtualization prevents possible damage to the underlying system.

• Virtualization facilitates seamless deployment and migration of software between nodes. This reduces cost incurred while investing in hardware.

Page 12: Virtualization Introspection System

• With virtualization, it's possible to purchase and maintain fewer servers, and get more use out of the servers available.

• A virtualized server makes better use of the server’s available capacity than a non-virtualized server.

• Virtualization software allows sharing of the resources of a single physical server to create several separate virtual environments, called virtual machines. Each virtual machine can run its own operating system as well as any business applications your company needs.

• Virtualization can help you get more out of your existing hardware by increasing its utilization.

Page 13: Virtualization Introspection System

Virtualization in Cloud Systems

Page 14: Virtualization Introspection System

VI. Virtualization Techniques for KVM Cloud Systems

• Virtualization hides the physical characteristics of computing resources from their users, be they applications, or end users.

• This includes making a single physical resource (such as a server, an operating system, an application, or storage device) appear to function as multiple virtual resources.

• Hypervisor is a software program that manages multiple operating systems (or multiple instances of the same operating system) on a single computer system.

Page 15: Virtualization Introspection System

[Figure: Virtualization -- a Server for Multiple Applications/OS. Left, a non-virtualized server: Hardware / Operating System / Applications. Right, a virtualized server: Hardware / Hypervisor, with several Operating System + Application stacks running above the hypervisor.]

Page 16: Virtualization Introspection System

VII. Review of Virtual Introspection System

• Introspection Modules - Each is an independent Python module that can be loaded dynamically to detect a malicious VM on a specific behavior.

• Monitor - Stores the data into Behavior Databases and visualizes running status.

• Behavior Database - Stores the previously analyzed patterns of malicious behavior of VMs and saves the category data as: Role, Period, Program, System call.

Page 17: Virtualization Introspection System

VIS with IaaS and Cloud middleware

Page 18: Virtualization Introspection System

The two VIS defense operations are as follows –

• Termination - Direct shutdown and offline migration of VMs that are confirmed with severe attacks.

• Isolation - Online migration (to a physically isolated place) of potentially vulnerable VMs, e.g., VMs that are identified as compromised.
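The pieces named on slides 16 and 18 (dynamically loaded introspection modules, a Behavior Database keyed by Role, Period, Program and System call, and a Monitor that picks Termination or Isolation) fit together as in the following added Python illustration; it is not the VIS project's own code, and the Behavior, VMStatus, register and monitor names, the sample patterns and the sample VM observations are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Behavior:            # one Behavior Database entry (constructed schema)
    role: str       # VM role the pattern applies to, e.g. "web"
    period: str     # time window in which the behavior is abnormal ("any" = always)
    program: str    # guest program observed
    syscall: str    # system call issued by that program
    severity: str   # "severe" -> Termination, "suspicious" -> Isolation

@dataclass
class VMStatus:            # snapshot of one VM as collected by the Monitor
    role: str
    period: str
    events: List[Tuple[str, str]]   # observed (program, syscall) pairs

# Behavior Database: previously analyzed malicious patterns (constructed samples).
BEHAVIOR_DB: List[Behavior] = [
    Behavior("web", "any", "sshd", "ptrace", "severe"),
    Behavior("web", "night", "bash", "execve", "suspicious"),
]
RANK = {"suspicious": 1, "severe": 2}

# Introspection modules: independent callables the Monitor looks up by name
# (a deployment would load them from files with importlib; a dict keeps this runnable).
IntrospectionModule = Callable[[VMStatus], Optional[Behavior]]
MODULES: Dict[str, IntrospectionModule] = {}

def register(name: str):   # decorator that makes a module loadable by name
    def wrap(fn: IntrospectionModule) -> IntrospectionModule:
        MODULES[name] = fn
        return fn
    return wrap

@register("syscall_match")
def syscall_match(vm: VMStatus) -> Optional[Behavior]:
    """Return the most severe database pattern this VM's status matches, if any."""
    hits = [b for b in BEHAVIOR_DB
            if b.role == vm.role and b.period in ("any", vm.period)
            and (b.program, b.syscall) in vm.events]
    return max(hits, key=lambda b: RANK[b.severity], default=None)

def monitor(vm: VMStatus, modules=("syscall_match",)) -> str:
    """Run the loaded modules and map the worst verdict to a VIS defense operation."""
    verdicts = [v for v in (MODULES[m](vm) for m in modules) if v is not None]
    if not verdicts:
        return "none"          # nothing matched: keep monitoring
    worst = max(verdicts, key=lambda b: RANK[b.severity])
    return "terminate" if worst.severity == "severe" else "isolate"
```

The returned operation is only a decision; carrying it out (shutting a domain down, or live-migrating it to an isolated host) would be done through the hypervisor's management interface, which this illustration deliberately leaves out.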

Page 19: Virtualization Introspection System

VIII. Conclusion

• We propose VIS, a virtualization introspection system for KVM-based cloud platforms

• We monitor both dynamic and static VM status

• We replay and characterize various attacks

• Detect VMs that attack the VM Hypervisor

• Detect VMs that attack other VMs

• Detect VMs that are compromised

• VIS can do termination and online migration.

Page 20: Virtualization Introspection System

IX. Future Enhancement

• The current VIS is limited to protection based on rules that have already been established.

• There is a need to collect more attack patterns

• The rules are derived by heuristics and in future more sophisticated analysis, e.g., system call sequences can be implemented in order to enhance the security of the KVM cloud systems.


Page 22: Virtualization Introspection System

THANK YOU