• DocumentCode
    2933782
  • Title

    Defending against VM rollback attack

  • Author

    Xia, Yubin ; Liu, Yutao ; Chen, Haibo ; Zang, Binyu

  • fYear
    2012
  • fDate
    25-28 June 2012
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    Recently it became a hot topic to protect VMs from a compromised or even malicious hypervisor. However, most previous systems are vulnerable to rollback attack, since it is hard to distinguish from normal suspend/resume and migration operations that an IaaS platform usually offers. Some of the previous systems simply disable these features to defend rollback attack, while others heavily need user involvement. In this paper, we propose a new solution to make a balance between security and functionality. By securely logging all the suspend/resume and migration operation inside a small trusted computing base, a user can audit the log to check malicious rollback and constrain the operations on the VMs. The solution considers several practical issues including hardware limitations and minimizing user's interaction, and has been implemented on a recent VM protection system.
  • Keywords
    cloud computing; security of data; trusted computing; virtual machines; IaaS platform; VM protection system; VM rollback attack; malicious hypervisor; malicious rollback; migration operations; suspend-resume operations; trusted computing; virtual machines; Booting; Cloning; Cryptography; Hardware; Processor scheduling; Virtual machine monitors;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Dependable Systems and Networks Workshops (DSN-W), 2012 IEEE/IFIP 42nd International Conference on
  • Conference_Location
    Boston, MA
  • Print_ISBN
    978-1-4673-2264-5
  • Electronic_ISBN
    978-1-4673-2265-2
  • Type

    conf

  • DOI
    10.1109/DSNW.2012.6264690
  • Filename
    6264690