Cloud Security Auditing Based on Behavioral Modeling

Multi-tenancy is one of the most attractive features of cloud computing, which provides significant benefits to both clients and service providers by supporting elastic, efficient, and on-demand resource provisioning and allocation. However, this architecture also introduces additional security implications. Client Virtual Machine (VM) instances running on the same physical machine are susceptible to side-channel and escape-to-hypervisor attacks. The timely prevention of intrusive behavior and malicious processes using signature based intrusion detection technologies, or system call level anomaly analysis is a very challenging task due to a high rate of false alarms. In this work, a behavioral modeling scheme is proposed to audit the behaviors of client VMs and to detect suspicious processes on the highest semantic level. Our preliminary results have validated the effectiveness and efficiency of this novel approach.