University of Birmingham > Talks@bham > Computer Security Seminars > Forensic Virtual Machines: Dynamic defence in the Cloud via Introspection

Forensic Virtual Machines: Dynamic defence in the Cloud via Introspection

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Vincent Cheval.

The Cloud attempts to provide its users with automatically scalable platforms to host many applications and operating systems. To allow for quick deployment, they are often homogenised to a few images, restricting the variations used within the Cloud. An exploitable vulnerability stored within an image means that each instance will suffer from it and as a result, an attacker can be sure of a high pay-off for their time. This makes the Cloud a prime target for malicious activities. There is a clear requirement to develop an automated and computationally-inexpensive method of discovering malicious behaviour as soon as it starts, such that remedial action can be adopted before substantial damage is caused.

In This talk I will report on a collaborative work with HP research lab in creating an infrastructure for using Introspection to detect symptoms of malicious behaviour. we propose the use of Mini-OS, a virtualised operating system that uses minimal resources on the Xen virtualisation platform, for analysing the memory space of other guest virtual machines. We produce detectors which we call Forensic Virtual Machines (FVMs). They are lightweight such and hence computationally cheap to run and use secure multicast to communicate and share information. Such a small footprint allows the physical host to run numerous instances to find symptoms of malicious behaviour whilst potentially limiting attack vectors. We also describe our experience of developing FVMs and how they can be used to complement existing methods to combat malware.

This talk is part of the Computer Security Seminars series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.


Talks@bham, University of Birmingham. Contact Us | Help and Documentation | Privacy and Publicity.
talks@bham is based on from the University of Cambridge.