Title :
Efficient Retrieval of Key Material for Inspecting Potentially Malicious Traffic in the Cloud
Author :
Saxon, John T. ; Bordbar, Behzad ; Harrison, Keith
Author_Institution :
Sch. of Comput. Sci., Univ. of Birmingham, Birmingham, UK
Abstract :
Cloud providers must detect malicious traffic in and out of their network, virtual or otherwise. The use of Intrusion Detection Systems (IDS) has been hampered by the encryption of network communication. The result is that current signatures cannot match potentially malicious requests. A method to acquire the encryption keys is Virtual Machine Introspection (VMI). VMI is a technique to view the internal, and yet raw, representation of a Virtual Machine (VM). Current methods to find keys are expensive and use sliding windows or entropy. This inevitably requires reading the memory space of the entire process, or worse the OS, in a live environment where performance is paramount. This paper describes a structured walk of memory to find keys, particularly RSA, using as fewer reads from the VM as possible. In doing this we create a scalable mechanism to populate an IDS with keys to analyse traffic.
Keywords :
cloud computing; cryptography; entropy; inspection; telecommunication traffic; virtual machines; IDS; RSA; VMI; cloud providers; encryption; entropy; intrusion detection systems; key material retrieval; memory space; network communication; potentially malicious traffic inspection; sliding windows; virtual machine introspection; Cryptography; Entropy; Forensics; Libraries; Memory management; Servers; Virtual machining; Key Material; Live Forensics; RSA; Virtual Machine Introspection;
Conference_Titel :
Cloud Engineering (IC2E), 2015 IEEE International Conference on
Conference_Location :
Tempe, AZ
DOI :
10.1109/IC2E.2015.26
