• DocumentCode
    87689
  • Title
    DIV: Dynamic integrity validation framework for detecting compromises on virtual machine based cloud services in real time
  • Author
    Chunlu Wang ; Chuanyi Liu ; Bin Liu ; Yingfei Dong
  • Author_Institution
    Sch. of Comput. Sci., Beijing Univ. of Posts & Telecommun., Beijing, China
  • Volume
    11
  • Issue
    8
  • fYear
    2014
  • fDate
    Aug. 2014
  • Firstpage
    15
  • Lastpage
    27
  • Abstract
    With the increasing popularity of cloud services, attacks on cloud infrastructure are also increasing dramatically. In particular, monitoring the integrity of cloud execution environments remains a difficult task. In this paper, a real-time dynamic integrity validation (DIV) framework is proposed to monitor the integrity of virtual machine based execution environments in the cloud. DIV can validate the integrity of the whole architecture stack, from the cloud servers up to the VM OS, by extending the existing chain of trust into the virtual machine's architecture stack. DIV introduces a trusted third party (TTP) that collects the integrity information and periodically detects integrity violations on VMs remotely, which avoids heavy involvement of cloud tenants and unnecessary information leakage by cloud providers. To evaluate the effectiveness and efficiency of the DIV framework, a prototype on KVM/QEMU is implemented, and extensive analysis and experimental evaluation are performed. Experimental results show that DIV can efficiently validate the integrity of files and loaded programs in real time with minor performance overhead.
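    The abstract describes the measure-and-verify loop at a high level: an agent in the VM measures files and loaded programs, and a remote verifier (the TTP) checks those measurements against known-good values. The following toy model is an added example written for this record, not the paper's prototype or its code; the file contents, the reference manifest, the PCR-style accumulator and the function names are all constructed here for illustration. It shows the two checks a verifier in such a design has to make: that the measurement log itself has not been edited (replayed against a quoted accumulator), and that every entry matches the reference manifest.

```python
"""Toy model of a DIV-style integrity validation round (example code, not
from the paper): a measurement agent inside the VM hashes files and loaded
programs into an append-only log whose entries are folded into a single
accumulator (the way a TPM PCR is extended), and a verifier playing the
trusted third party replays the log, checks the accumulator, and compares
every entry against a reference manifest. All sample data is constructed."""

import hashlib
from typing import Dict, List, Tuple

Measurement = Tuple[str, str]  # (path, hex sha256 of content)

# Constructed "golden" image: what the tenant and provider agreed the VM runs.
REFERENCE_IMAGE: Dict[str, bytes] = {
    "/bin/sshd": b"sshd-binary-v1",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\n",
    "/lib/modules/netfilter.ko": b"netfilter-module-v1",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(image: Dict[str, bytes]) -> Dict[str, str]:
    """Reference values the TTP holds: path -> expected digest."""
    return {path: sha256_hex(content) for path, content in image.items()}


def measure(files: Dict[str, bytes]) -> List[Measurement]:
    """Agent side: hash each file / loaded program in deterministic order."""
    return [(path, sha256_hex(files[path])) for path in sorted(files)]


def extend(accumulator: bytes, measurement: Measurement) -> bytes:
    """PCR-style extend: acc' = H(acc || H(path || digest)).
    Once extended, an entry cannot be dropped or reordered without changing
    the final value, so a hidden entry shows up as an accumulator mismatch."""
    path, digest = measurement
    entry = hashlib.sha256(path.encode() + b"\0" + digest.encode()).digest()
    return hashlib.sha256(accumulator + entry).digest()


def attest(files: Dict[str, bytes]) -> Tuple[List[Measurement], bytes]:
    """Agent side: produce the measurement log and the final accumulator.
    In a real deployment the accumulator would be quoted (signed) by a
    TPM/vTPM; here it is returned in the clear for illustration."""
    log = measure(files)
    acc = b"\0" * 32
    for m in log:
        acc = extend(acc, m)
    return log, acc


def verify(log: List[Measurement], quoted_acc: bytes,
           manifest: Dict[str, str]) -> List[str]:
    """TTP side: return the list of violations (empty means the VM is intact)."""
    violations: List[str] = []

    # 1. Log integrity: replay the log and compare with the quoted accumulator.
    acc = b"\0" * 32
    for m in log:
        acc = extend(acc, m)
    if acc != quoted_acc:
        violations.append("log does not match quoted accumulator")
        return violations  # nothing else in the log can be trusted

    # 2. Content integrity: each entry must match the reference manifest,
    #    and nothing expected may be missing.
    seen = set()
    for path, digest in log:
        seen.add(path)
        expected = manifest.get(path)
        if expected is None:
            violations.append(f"unexpected program loaded: {path}")
        elif expected != digest:
            violations.append(f"modified: {path}")
    for path in manifest:
        if path not in seen:
            violations.append(f"missing: {path}")
    return violations


def run_round(files: Dict[str, bytes]) -> List[str]:
    """One periodic validation round: agent attests, TTP verifies."""
    manifest = build_manifest(REFERENCE_IMAGE)
    log, acc = attest(files)
    return verify(log, acc, manifest)


if __name__ == "__main__":
    print("clean VM:", run_round(REFERENCE_IMAGE))
    tampered = dict(REFERENCE_IMAGE)
    tampered["/etc/ssh/sshd_config"] = b"PermitRootLogin yes\n"
    tampered["/tmp/rootkit.ko"] = b"evil"
    print("tampered VM:", run_round(tampered))
```

    The accumulator check is what makes the log meaningful: without it, an attacker who controls the VM could simply omit the entry for a loaded rootkit from the report. The manifest check then catches modified, unexpected and missing components. What this model does not cover is what the paper's design addresses with the hardware-rooted chain of trust, namely that the agent itself and the hypervisor beneath it must be measured before their reports can be believed.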
  • Keywords
    cloud computing; trusted computing; virtual machines; DIV framework; TTP; VM OS; cloud infrastructure attacks; cloud providers; cloud tenants; dynamic integrity validation framework; operating systems; trusted third party; virtual machine based cloud services; virtual machine based execution environment; Computer architecture; Hardware; Real-time systems; Security; Servers; Software; Virtual machining; cloud security; cloud trustworthiness; remote attestation; trusted computing;
  • fLanguage
    English
  • Journal_Title
    Communications, China
  • Publisher
    ieee
  • ISSN
    1673-5447
  • Type
    jour
  • DOI
    10.1109/CC.2014.6911084
  • Filename
    6911084