
An In-Out-VM Measurement Architecture Against Dynamic Attacks In Clouds

Posted on: 2015-12-03
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
GTID: 2298330452964014
Subject: Computer Science and Technology
Abstract/Summary:
As we know, the biggest challenge for SaaS (software as a service) cloud computing systems is guaranteeing user-level security. To this end, some approaches and systems have been proposed for virtual machines in cloud platforms. However, the integrity measurement methods used in virtual machines, such as measuring applications periodically or statically (measuring before execution), cannot detect dynamic attacks. This paper presents an In-Out-VM dynamic measurement architecture (IODMA), designed specifically for the Xen virtual machine (VM), which targets the user’s running applications rather than static executable files. Our work consists of two parts: a dynamic measurement part and a hybrid architecture implementation part.

Dynamic measurement. By comparison, dynamic measurement has advantages in three aspects. Firstly, it detects dynamic attacks and has a better performance than the static ones. Secondly, the measurements are done at any time on demand rather than at a specific time. Thirdly, it supports fine-grained protection, such as measuring the code segment and the argument segment separately.

Hybrid architecture. The measurement architecture is implemented as a hybrid of the In-VM method and the Out-of-VM method. The In-VM part of the hybrid effectively reduces the switching overheads between the privileged virtual machine and guest virtual machines, while the Out-of-VM part improves the security. Finally, an implementation of IODMA equipped with the Trusted Platform Module (TPM) is given, which achieves the above goals with good performance.
Keywords/Search Tags: dynamic integrity measurement, virtual machine, In-VM monitoring, Out-of-VM monitoring, Trusted Platform Module