• DocumentCode
    2447184
  • Title

    Modeling the Runtime Integrity of Cloud Servers: A Scoped Invariant Perspective

  • Author

    Wei, Jinpeng ; Pu, Calton ; Rozas, Carlos V. ; Rajan, Anand ; Zhu, Feng

  • Author_Institution
    Florida Int. Univ., Miami, FL, USA
  • fYear
    2010
  • fDate
    Nov. 30 2010-Dec. 3 2010
  • Firstpage
    651
  • Lastpage
    658
  • Abstract
    One of the underpinnings of Cloud Computing security is the runtime integrity of individual Cloud servers. Due to the on-going discovery of runtime software vulnerabilities like buffer overflows, it is critical to be able to gauge the integrity of a Cloud server as it operates. In this paper, we propose scoped invariants as a primitive for analyzing the software system for its integrity properties. We report our experience with the modeling and detection of scoped invariants. The Xen Virtual Machine Manager is used for a case study. Our research detects a set of essential scoped invariants that are critical to the runtime integrity of Xen. One such property, that the addressable memory limit of a guest OS must not include Xen's code and data, is indispensable for Xen's guest isolation mechanism. The violation of this property demonstrates that the attacker only needs to modify a single byte in the Global Descriptor Table to achieve his goal.
  • Keywords
    cloud computing; data integrity; security of data; virtual machines; Xen virtual machine manager; cloud computing security; cloud server; global descriptor table; runtime integrity; scoped invariant perspective; software vulnerabilities; Cloud computing; Monitoring; Runtime; Security; Servers; Software; Software measurement; Xen; integrity modeling; invariants detection; tools;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Cloud Computing Technology and Science (CloudCom), 2010 IEEE Second International Conference on
  • Conference_Location
    Indianapolis, IN
  • Print_ISBN
    978-1-4244-9405-7
  • Electronic_ISBN
    978-0-7695-4302-4
  • Type

    conf

  • DOI
    10.1109/CloudCom.2010.29
  • Filename
    5708514