A VMM-based intrusion prevention system in cloud computing environment

The Journal of Supercomputing

Abstract

With the development of information technology, cloud computing has become a new direction of grid computing. Cloud computing is user-centric and provides end users with leasing services. Guaranteeing the security of user data needs careful consideration before cloud computing is widely applied in business. Virtualization provides a new approach to solving traditional security problems and can serve as the underlying infrastructure of cloud computing. In this paper, we propose an intrusion prevention system, VMFence, for a virtualization-based cloud computing environment. It monitors network flow and file integrity in real time and provides network defense and file integrity protection. Because virtual machines are dynamic, the detection process varies with the state of the virtual machine. The state transition of the virtual machine is described via Definite Finite Automata (DFA). We have implemented VMFence on an open-source virtual machine monitor platform, Xen. The experimental results show that our proposed method is effective and brings acceptable overhead.



Corresponding author

Correspondence to Deqing Zou.

About this article

Cite this article

Jin, H., Xiang, G., Zou, D. et al. A VMM-based intrusion prevention system in cloud computing environment. J Supercomput 66, 1133–1151 (2013). https://doi.org/10.1007/s11227-011-0608-2


  • DOI: https://doi.org/10.1007/s11227-011-0608-2
