Enhancing OpenStack Cloud Security with Virtual Machine Introspection

• Main Authors: Lee, Yen Heng, 李彥亨
• Other Authors: Tsaih, Rua Huan
• Format: Others
• Language: en_US
• Online Access: http://ndltd.ncl.edu.tw/handle/33306288997377546264

碩士 === 國立政治大學 === 資訊管理研究所 === 103 === Today, we attributes it to virtualization technology that the application of cloud computing is so well-developed that the world-wide famous company can make use of this technique to reap the profits, just likes Google and Amazon etc. While cloud service bringing kinds of benefit to system vendors and cloud tenants, cloud security is exposed to many threats. Traditionally, two main kinds of intrusion detection system (IDS) are host-based IDS (HIDS) and network-based IDS (NIDS). With virtualization technology development, virtual machine monitor (VMM) based IDS is superior to HIDS and NIDS both on isolation and visibility properties as far as cloud security concerned. We address a cloud security protection framework, called Virtualization Introspection System for OpenStack (VISO), to strengthen OpenStack security defensive mechanism. VISO has some following characteristics. (1) VMI based monitoring mechanism (2) behavior-based analysis (3) elastic to expand system functionality and easy to operate (4) all apparatuses in VISO are free on Internet that is why we also choose the most famous private cloud solution, OpenStack, to deploying cloud environment. About our experiment method, we using supervised and unsupervised artificial technology algorithm to analyze behaviors monitored in a sandbox environment. All malwares are downloaded from OWL Taiwan official malware knowledge base and labeled by anti-virus scanner. The purpose is to see how effective the features of behaviors collected by VISO can recognize the same family malwares. Detecting unknown malware variants previously not recognized by commercial anti-virus software by training the same family known malware samples.