
Furnace: Self-service Tenant VMI for the Cloud

  • Conference paper
  • Research in Attacks, Intrusions, and Defenses (RAID 2018)

Abstract

Although Virtual Machine Introspection (VMI) tools are increasingly capable, modern multi-tenant cloud providers are hesitant to expose the sensitive hypervisor APIs that tenants would need in order to use them. Outside the cloud, adoption of VMI and virtualization-based security is rising, and these techniques are increasingly considered necessary to counter sophisticated threats. This paper introduces Furnace, an open source VMI framework that outperforms prior frameworks by satisfying both a cloud provider's expectation of security and a tenant's desire to run their own custom VMI tools underneath their cloud VMs. Furnace's flexibility and ease of use are demonstrated by porting four existing security and monitoring tools as Furnace VMI apps; these apps are shown to be resource efficient while executing up to 300x faster than those in previous VMI frameworks. Furnace's security properties are shown to protect against the actions of malicious tenant apps.


Notes

  1. 2017 Roundup of Cloud Computing Forecasts, https://goo.gl/pJ9uj2.
  2. Microsoft Virtualization-Based Security: https://goo.gl/eixiqr.
  3. BitDefender Hypervisor Introspection: https://goo.gl/MrZFQj.
  4. http://www.rekall-forensic.com/.
  5. This list is an expansion of the five framework problems described by CloudPhylactor.
  6. https://zeromq.org/.
  7. https://developers.google.com/protocol-buffers/.
  8. Similarly, while Furnace was developed on Xen, it can also support KVM when equipped with a KVM-compatible L2 component.
  9. Lambda represents container-based sandboxes in part because it is routinely audited.
  10. https://man.openbsd.org/pledge.2.
  11. While this precludes multithreaded apps, Sect. 6.2 shows performance is acceptable. Heavy processing is better accomplished by the app's backend, which lacks this restriction.
  12. https://chromium.googlesource.com/chromium/src.git/+/master/sandbox/linux/.
  13. https://github.com/Netflix/repokid.
  14. https://salls.github.io/Linux-Kernel-CVE-2017-5123/.
  15. http://blog.azimuthsecurity.com/2010/08/chrome-sandbox-part-2-of-3-ipc.html.
  16. https://nvd.nist.gov/vuln/detail/CVE-2017-14904.
  17. https://github.com/xen-project/xen/tree/master/tools.
  18. https://www.denialof.services/lambda/.
  19. https://github.com/trailofbits/protofuzz.
  20. https://github.com/akopytov/sysbench.
  21. https://landlock.io.

References

  1. Arulraj, L., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: Improving virtualized storage performance with Sky. In: ACM VEE (2017). https://doi.org/10.1145/3050748.3050755
  2. Baek, H.W., Srivastava, A., Merwe, J.V.D.: CloudVMI: virtual machine introspection as a cloud service. In: 2014 IEEE International Conference on Cloud Engineering, pp. 153–158 (2014). https://doi.org/10.1109/IC2E.2014.82
  3. Bahram, S., et al.: DKSM: subverting virtual machine introspection for fun and profit. In: 29th IEEE Symposium on Reliable Distributed Systems (2010)
  4. Bauman, E., Ayoade, G., Lin, Z.: A survey on hypervisor-based monitoring: approaches, applications, and evolutions. ACM Comput. Surv. 48, 10 (2015)
  5. Bushouse, M., Ahn, S., Reeves, D.: Arav: monitoring a cloud's virtual routers. In: Proceedings of the 12th Annual Conference on Cyber and Information Security Research (2017)
  6. Butt, S., Lagar-Cavilla, H.A., Srivastava, A., Ganapathy, V.: Self-service cloud computing. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 253–264. ACM, New York (2012). https://doi.org/10.1145/2382196.2382226
  7. Dolan-Gavitt, B., Payne, B., Lee, W.: Leveraging forensic tools for virtual machine introspection. Technical report, Georgia Institute of Technology (2011)
  8. Dykstra, J., Sherman, A.T.: Design and implementation of FROST: digital forensic tools for the OpenStack cloud computing platform. Digit. Invest. 10, S87–S95 (2013)
  9. Fischer, A.: CloudIDEA: a malware defense architecture for cloud data centers. In: Debruyne, C. (ed.) On the Move to Meaningful Internet Systems: OTM 2015 Conferences. OTM 2015, vol. 9415, pp. 594–611. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26148-5_40
  10. Fraser, T., Evenson, M., Arbaugh, W.: VICI: virtual machine introspection for cognitive immunity. In: 2008 Annual Computer Security Applications Conference, ACSAC 2008 (2008)
  11. Garfinkel, T.: Traps and pitfalls: practical problems in system call interposition based security tools. In: NDSS, vol. 3, pp. 163–176 (2003)
  12. Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the Network and Distributed Systems Security Symposium (2003)
  13. Gorenc, B., Spelman, J.: Thinking outside the sandbox: violating trust boundaries in uncommon ways. In: Black Hat USA (2014)
  14. Jaeger, T., Sailer, R., Zhang, X.: Analyzing integrity protection in the SELinux example policy. In: USENIX Security (2003)
  15. Jain, B., Baig, M.B., Zhang, D., Porter, D.E., Sion, R.: SoK: introspections on trust and the semantic gap. In: IEEE S&P (2014)
  16. Kim, T., Zeldovich, N.: Practical and effective sandboxing for non-root users. In: USENIX ATC, San Jose, CA (2013)
  17. Lengyel, T.K., Maresca, S., Payne, B.D., Webster, G.D., Vogl, S., Kiayias, A.: Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system. In: Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC 2014. ACM (2014)
  18. Liu, Z., Lovet, G.: Breeding sandworms: how to fuzz your way out of Adobe Reader X's sandbox. In: Black Hat Europe (2012)
  19. Payne, B.D., de Carbone, M., Lee, W.: Secure and flexible monitoring of virtual machines. In: Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC) (2007)
  20. Provos, N.: Improving host security with system call policies. In: USENIX Security (2003)
  21. Sanders, M., Yue, C.: Automated least privileges in cloud-based web services. In: Proceedings of the Fifth ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb 2017, pp. 3:1–3:6. ACM, New York (2017). https://doi.org/10.1145/3132465.3132470
  22. Sgandurra, D., Lupu, E.: Evolution of attacks, threat models, and solutions for virtualized systems. ACM Comput. Surv. 48(3), 46:1–46:38 (2016). https://doi.org/10.1145/2856126
  23. Shin, S., Porras, P.A., Yegneswaran, V., Fong, M.W., Gu, G., Tyson, M.: FRESCO: modular composable security services for software-defined networks. In: NDSS (2013)
  24. Suneja, S., Isci, C., de Lara, E., Bala, V.: Exploring VM introspection: techniques and trade-offs. In: ACM VEE (2015). https://doi.org/10.1145/2731186.2731196
  25. Swiecki, R.: Promises and pitfalls of sandboxes. Presented at CONFidence (2017)
  26. Takanen, A., Demott, J.D., Miller, C.: Fuzzing for Software Security Testing and Quality Assurance. Artech House, Norwood (2008)
  27. Taubmann, B., Rakotondravony, N., Reiser, H.P.: CloudPhylactor: harnessing mandatory access control for virtual machine introspection in cloud data centers. In: 2016 IEEE Trustcom/BigDataSE/ISPA, pp. 957–964 (2016). https://doi.org/10.1109/TrustCom.2016.0162
  28. Yosifovich, P., Russinovich, M.E., Solomon, D.A., Ionescu, A.: Windows Internals, 7th edn. Microsoft Press, Redmond (2017)
  29. Zach, J., Reiser, H.P.: LiveCloudInspector: towards integrated IaaS forensics in the cloud. In: Bessani, A., Bouchenak, S. (eds.) DAIS 2015. LNCS, vol. 9038, pp. 207–220. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-19129-4_17


Acknowledgement

We thank the anonymous reviewers, William Enck, Nathan Hicks, Luke Deshotels, and Isaac Polinsky for their comments.

Author information

Corresponding author: Micah Bushouse.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper


Cite this paper

Bushouse, M., Reeves, D. (2018). Furnace: Self-service Tenant VMI for the Cloud. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2018. Lecture Notes in Computer Science, vol 11050. Springer, Cham. https://doi.org/10.1007/978-3-030-00470-5_30


  • DOI: https://doi.org/10.1007/978-3-030-00470-5_30


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00469-9

  • Online ISBN: 978-3-030-00470-5
