Title :
Malware Detection and Kernel Rootkit Prevention in Cloud Computing Environments
Author :
Schmidt, Matthias ; Baumgärtner, Lars ; Graubner, Pablo ; Böck, David ; Freisleben, Bernd
Author_Institution :
Dept. of Math. & Comput. Sci., Univ. of Marburg, Marburg, Germany
Abstract :
The commercial success of Cloud Computing and recent developments in Grid Computing have brought platform virtualization technology into the field of high performance computing. Virtualization offers both more flexibility and security through custom user images and user isolation. In this paper, we present an approach for combined malware detection and kernel root kit prevention in virtualized Cloud Computing environments. All running binaries in a virtual instance are intercepted and submitted to one or more analysis engines. Besides a complete check against a signature database, live introspection of all system calls is performed to detect yet unknown exploits or malware. Furthermore, to prevent that an intruder retains persistent control over a running instance after a successful compromise, an in-kernel root kit prevention approach is proposed. Only authorized and thus trusted kernel modules are allowed to be loaded during runtime, loading of unauthorized modules is no longer possible. Finally, the performance of the presented solutions is evaluated.
Keywords :
cloud computing; grid computing; invasive software; virtualisation; cloud computing; grid computing; kernel rootkit prevention; malware detection; virtualization; Cloud computing; Kernel; Loading; Malware; Kernel Security; Malware detection; Rootkit; Virtualization;
Conference_Titel :
Parallel, Distributed and Network-Based Processing (PDP), 2011 19th Euromicro International Conference on
Conference_Location :
Ayia Napa
Print_ISBN :
978-1-4244-9682-2
DOI :
10.1109/PDP.2011.45
