DOI: 10.1145/2508859.2512506

POSTER: Event-based isolation of critical data in the cloud

Published: 04 November 2013

Abstract

In this poster, we present TrustDraw, a transparent security extension for the cloud that combines Virtual Machine Introspection (VMI) and Trusted Computing (TC). TrustDraw provides secure storage for critical data such as keys or passwords and allows this data to be temporarily inserted into a running virtual machine (VM) when required. TrustDraw improves security by allowing access to the critical data only if certain previously defined conditions are met. In this way, theft of critical data by attacks that successfully bypass access permissions can be mitigated. TrustDraw runs isolated and transparently; no software modifications are required on a target VM. We evaluated an implementation of TrustDraw in a realistic scenario, in which it caused only an acceptable run-time delay.


Cited By

  • (2021) Assessing and Ranking Cloud Computing Security Risks Based On a Hybrid Approach Based On Pairwise Comparisons. Iranian Journal of Information Processing and Management, 37:1 (27-58). DOI: 10.52547/jipm.37.1.27. Online publication date: 1-Sep-2021

    Published In

    CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
    November 2013
    1530 pages
    ISBN:9781450324779
    DOI:10.1145/2508859
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. cloud security
    2. virtual machine introspection

    Qualifiers

    • Poster

    Conference

    CCS'13
    Acceptance Rates

    CCS '13 Paper Acceptance Rate 105 of 530 submissions, 20%;
    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
