Title :
Intrusion detection and honeypots in nested virtualization environments
Author :
Beham, Michael ; Vlad, Marius ; Reiser, Hans P.
Author_Institution :
Inst. of IT-Security & Security Law, Univ. of Passau, Passau, Germany
Abstract :
Several research projects in the past have built intrusion detection systems and honeypot architectures based on virtual machine introspection (VMI). These systems directly benefit from the use of virtualization technology. The VMI approach, however, requires direct interaction with the virtual machine monitor, and typically is not available to clients of current public clouds. Recently, nested virtualization has gained popularity in research as an approach that could enable cloud customers to use virtualization-based solutions within a cloud by nesting two virtual machine monitors, with the inner one under control of the client. In this paper, we compare the performance of existing nested-virtualization solutions and analyze the impact of the performance overhead on VMI-based intrusion detection and honeypot systems.
Keywords :
cloud computing; performance evaluation; security of data; virtual machines; virtualisation; VMI approach; VMI-based intrusion detection systems; cloud customers; honeypot architecture; honeypot systems; nested virtualization technology; performance overhead; virtual machine introspection; virtual machine monitor; virtualization-based solutions; Cloud computing; Hardware; Intrusion detection; Performance evaluation; Support vector machines; Virtual machine monitors; Virtualization; Cloud computing; Honeypots; Intrusion detection; Nested virtualization;
Conference_Titel :
Dependable Systems and Networks (DSN), 2013 43rd Annual IEEE/IFIP International Conference on
Conference_Location :
Budapest
Print_ISBN :
978-1-4673-6471-3
DOI :
10.1109/DSN.2013.6575329
