Paper Info
Title
Efficient Retrieval of Key Material for Inspecting Potentially Malicious Traffic in the Cloud
Abstract
Cloud providers must detect malicious traffic in and out of their network, virtual or otherwise. The use of Intrusion Detection Systems (IDS) has been hampered by the encryption of network communication. The result is that current signatures cannot match potentially malicious requests. A method to acquire the encryption keys is Virtual Machine Introspection (VMI). VMI is a technique to view the internal, and yet raw, representation of a Virtual Machine (VM). Current methods to find keys are expensive and use sliding windows or entropy. This inevitably requires reading the memory space of the entire process, or worse the OS, in a live environment where performance is paramount. This paper describes a structured walk of memory to find keys, particularly RSA, using as fewer reads from the VM as possible. In doing this we create a scalable mechanism to populate an IDS with keys to analyse traffic.
Year
DOI
Venue
2015
10.1109/IC2E.2015.26
IC2E
Keywords
Field
DocType
encryption,ids,virtual machines,intrusion detection systems,cloud computing,inspection,entropy,forensics,servers,cryptography,memory management
Virtual machine introspection,Live forensics,Virtual machine,Network communication,Computer science,Computer security,Encryption,Intrusion detection system,Scalability,Cloud computing
Conference
Citations 
PageRank 
References 
2
0.42
15
Authors
3
Name
Order
Citations
PageRank
John T. Saxon131.13
Behzad Bordbar271452.94
Keith Harrison3171.56