
VIRTUALIZATION INTROSPECTION SYSTEM ON KVM-BASED CLOUD COMPUTING PLATFORMS

Submitted by,
Name:
Roll no:
S7 CSE
MZC

Contents

Introduction
Existing system
Limitations of Existing System
Proposed System
Advantages of Proposed System
Virtualization Techniques for KVM Cloud Systems
Review of Virtual Introspection System
Conclusion
Future Enhancement

I. Introduction
The Linux Kernel Virtual Machine (KVM) is one of the most common
commodity hypervisor drivers deployed in the IaaS layer of clouds.
KVM provides a full-virtualization environment that emulates
hardware as far as possible, including CPU(s), network interfaces
and motherboard chips.
KVM converts the Linux kernel into a bare-metal hypervisor and
leverages the hardware virtualization features of Intel VT-x and AMD-V
x86 processors, delivering near-native performance.

KVM enables organizations to be agile by providing robust
flexibility and scalability that fit their specific business
demands.
KVM incorporates Linux security features, including
SELinux (Security-Enhanced Linux), to add access controls,
multi-level and multi-category security, as well as policy
enforcement.
As a result, organizations are protected from compromised
virtual machines which are isolated and cannot be accessed by
any other processes.

II. Existing System

Cloud computing security is an evolving sub-domain of
computer security, network security, and, more broadly,
information security.
It refers to a broad set of policies, technologies, and controls
deployed to protect data, applications, and the associated
infrastructure of cloud computing.
Cloud security providers integrate the customer's
identity management system into their own infrastructure,
using federation or SSO technology.

Cloud security providers physically secure the IT hardware
(servers, routers, cables etc.) against unauthorized access,
interference, theft, fires, floods etc.
Cloud security providers ensure that applications available as
a service via the cloud (SaaS) are secure by specifying,
designing, implementing, testing and maintaining appropriate
security measures.
Cloud security providers ensure that all critical data (credit
card numbers, for example) are masked or encrypted and that
only authorized users have access to data in its entirety.

III. Limitations of Existing System
Vulnerable to malicious hacking techniques resulting in
permanent data loss.
Account hijacking, which leads to unauthorized access to
credentials, activities and transactions, data manipulation,
falsified information returns and redirection of clients to
illegitimate sites.
Insecure interfaces and APIs - APIs are integral to security and
availability of general cloud services.

Denial of service outages can cost service providers and
clients dependent on the 24/7 availability of one or more
services.
Loss of encryption keys to encrypted data in a cloud
environment results in the loss of the encrypted data.
Malicious insiders can gain access to a network, system, or
data for malicious purposes. In an improperly designed
cloud scenario, the damage is even greater.
Organizations embrace the cloud without fully
understanding the cloud environment and associated risks.

IV. Proposed System

Virtualization - the abstraction of computer resources.
Virtualization hides the physical characteristics of computing
resources from their users, be they applications or end users.
A Virtualization Introspection System (VIS) is implemented that
detects and intercepts attacks from VMs by monitoring their
status.

This includes making a single physical resource (such as a
server, an operating system, an application, or storage
device) appear to function as multiple virtual resources.
It makes multiple physical resources (such as storage
devices or servers) appear as a single virtual resource.
VIS can be deployed on most cloud operating systems
based on KVM such as OpenStack and OpenNebula.

V. Advantages of Proposed System

Resource utilization - VMs execute on the same physical
hardware, but with much stronger isolation from each other
than IIS's process walls. Lower cost per VM, higher income
per unit of hardware.
Virtualization prevents possible damage to the underlying
system.
Virtualization facilitates seamless deployment and migration
of software between nodes. This reduces cost incurred while
investing in hardware.

With virtualization, it is possible to purchase and maintain
fewer servers, and get more use out of the servers available.
A virtualized server makes better use of the server's
available capacity than a non-virtualized server.
Virtualization software allows sharing of the resources of a
single physical server to create several separate virtual
environments, called virtual machines. Each virtual
machine can run its own operating system as well as any
business applications your company needs.
Virtualization can help you get more out of your existing
hardware by increasing its utilization.

Virtualization in Cloud Systems

VI. Virtualization Techniques for KVM Cloud Systems
Virtualization hides the physical characteristics of computing
resources from their users, be they applications, or end users.
This includes making a single physical resource (such as a
server, an operating system, an application, or storage device)
appear to function as multiple virtual resources.
Hypervisor is a software program that manages multiple
operating systems (or multiple instances of the same operating
system) on a single computer system.

Figure: Virtualization -- a Server for Multiple Applications/OS
(non-virtualized stack: Applications / Operating System / Hardware;
virtualized stack: several Applications / Operating System pairs
running on a Hypervisor / Hardware).

VII. Review of Virtual Introspection System
Introspection Modules - Each is an independent Python module that
can be loaded dynamically to detect malicious VMs by a specific
behavior.
Monitor - Stores the data into the Behavior Database and visualizes
the running status.
Behavior Database - Stores the previously analyzed patterns of
malicious behavior of VMs and saves the category data under
four categories: Role, Period, Program and System call.

Figure: VIS with IaaS and cloud middleware

The two VIS defense operations are as follows:
Termination - Direct shutdown and offline migration of
VMs that are confirmed to be under severe attack.
Isolation - Online migration (to a physically isolated place)
of potentially vulnerable VMs, e.g., VMs that are identified
as compromised.
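To make the architecture above concrete, here is an added Python example (not the seminar's or VIS's own code) that models the Behavior Database under its four categories, a dynamically registered introspection module that matches VM status samples against it, and the choice between the two defense operations; every pattern, status record and name in it is constructed for illustration.

```python
"""Added example, not the seminar's VIS code: a minimal model of the VIS
Behavior Database, a dynamically registered introspection module and the two
defense operations. All rules, VM status records and names are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

@dataclass(frozen=True)
class Pattern:
    """One Behavior Database row under the four categories the slides list."""
    role: str       # account running the program, e.g. "root"
    period: str     # time window the pattern applies to, or "any"
    program: str    # process name observed inside the VM
    syscall: str    # system call that program issued
    severe: bool = False   # True: a match confirms a severe attack

# Constructed sample database; a real VIS loads previously analyzed patterns.
BEHAVIOR_DB: List[Pattern] = [
    Pattern("root", "night", "nc", "connect", severe=True),
    Pattern("www-data", "any", "sh", "execve"),
    Pattern("root", "any", "insmod", "init_module", severe=True),
]

# A VM status sample as the Monitor hands it to the modules (keys:
# vm, role, period, program, syscall).
VMStatus = Dict[str, str]

# Modules register by name so the framework can load them dynamically;
# each returns the matched Pattern or None.
MODULES: Dict[str, Callable[[VMStatus], Optional[Pattern]]] = {}

def introspection_module(name: str):
    def register(fn):
        MODULES[name] = fn
        return fn
    return register

@introspection_module("syscall_pattern")
def match_syscall_pattern(status: VMStatus) -> Optional[Pattern]:
    for p in BEHAVIOR_DB:
        if (p.role == status["role"] and p.program == status["program"]
                and p.syscall == status["syscall"]
                and p.period in ("any", status["period"])):
            return p
    return None

def decide(status: VMStatus) -> Optional[str]:
    """Confirmed severe attack -> "terminate"; potential compromise -> "isolate"."""
    for module in MODULES.values():
        hit = module(status)
        if hit is not None:
            return "terminate" if hit.severe else "isolate"
    return None
```

A status that matches a severe pattern is handed to termination, a match on a non-severe pattern to isolation, and an unmatched status leaves the VM running.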

VIII. Conclusion
We propose VIS, a virtualization introspection system for KVM-based cloud platforms.
We monitor both dynamic and static VM status.
We replay and characterize various attacks:
Detect VMs that attack the VM hypervisor
Detect VMs that attack other VMs
Detect VMs that are compromised
VIS can do termination and online migration.

IX. Future Enhancement

The current VIS is limited to protection based on rules that have
already been established.
There is a need to collect more attack patterns.
The rules are derived by heuristics; in future, more
sophisticated analysis, e.g., of system call sequences, can be
implemented in order to enhance the security of KVM
cloud systems.

