AdjointVM: A new Intrusion Detection Model for Cloud Computing
Current VMM-based IDSs have two drawbacks when used in cloud computing. First, all the protected guest virtual machines (VMs) rely on the privileged VM for debugging and scheduling, which can make the privileged VM cumbersome and error-prone. Second, the protected guest VMs are fully exposed to the privileged VM and are vulnerable to attacks launched from it. In this paper, we introduce a new approach, named AdjointVM, to address these two problems. AdjointVM is a novel IDS model composed of an explicit part and an implicit part. In the explicit part, we use a traditional IDS to monitor user-level applications. In the implicit part, each protected VM is coupled with an adjoint VM, which uses virtualization technology to monitor the kernel states of the protected VM and protect the integrity of the explicit IDS. We further use trusted computing technology to enhance the isolation between the privileged VM and normal VMs. Our IDS can work securely even when both the protected VM and the privileged VM are untrustworthy. In short, AdjointVM combines traditional and new VMM-based IDS techniques with trusted computing techniques to provide a new IDS model for cloud computing.
virtual machine; trust computing; intrusion detection
Jinzhu Kong
Computer School, National University of Defense Technology, Changsha, China
International conference
2010 International Conference on Future Information Technology (ICFIT 2010)
Changsha
English
272-277
2010-12-14 (date first made available online on the Wanfang platform; does not represent the paper's publication date)