Abstract | ||
---|---|---|
Software will always be vulnerable to attacks. Although techniques exist that could prevent or limit the risk of exploits, performance overhead blocks their adoption. Services deployed into the cloud are typically customer facing, leaving them even more exposed to attacks from malicious users. However, the use of virtual machines, and the economy of scale found in cloud platforms, provides an opportunity to offer strong security guarantees to tenants at low cost to the cloud provider. We present ScaaS, a security Scanning as a Service framework for cloud platforms that uses frequent virtual machine checkpointing coupled with memory introspection techniques to detect bugs and malicious behavior in real time. By buffering VM outputs (i.e., outgoing network packets and disk writes) until a scan has been completed, ScaaS gives strong guarantees about the amount of damage an attack can do, while minimizing overheads. |
Year | Venue | Field |
---|---|---|
2016 | HotCloud | Asynchronous communication,Virtual machine,Computer security,Computer science,Network packet,Real-time computing,Exploit,Cloud computing security,Software,Scalability,Cloud computing,Distributed computing |
DocType | Citations | PageRank |
Conference | 2 | 0.37 |
References | Authors | |
7 | 6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Sundaresan Rajasekaran | 1 | 46 | 2.85 |
Zhen Ni | 2 | 2 | 1.72 |
Harpreet Singh Chawla | 3 | 2 | 0.37 |
Neel Shah | 4 | 4 | 1.86 |
Timothy Wood | 5 | 349 | 27.52 |
Emery D. Berger | 6 | 1048 | 55.87 |