Abstract | ||
---|---|---|
Cloud applications are appealing targets to attackers, yet current cloud infrastructures have few ways of helping defend their customers from attacks. However, the use of virtual machines, and the economy of scale found in cloud platforms, provides an opportunity to offer strong security guarantees to tenants at low cost to the cloud provider. We present CRIMES, an evidence based, modular security framework for cloud platforms that uses speculative execution coupled with memory introspection tools to detect malicious behavior in real time. By buffering VM outputs (i.e., outgoing network packets and disk writes) until a scan has been completed, CRIMES gives strong guarantees about the amount of damage an attack can do, while minimizing overheads. When an attack is detected, CRIMES rolls back to a recent checkpoint and performs automated forensic analysis to help pinpoint the source of an attack. Our evaluation demonstrates that CRIMES incurs less overhead compared to memory protection tools such as AddressSanitizer, while offering valuable forensic analysis for buffer overflow attacks and malware detection across multiple applications and the OS.
|
Year | DOI | Venue |
---|---|---|
2018 | 10.1145/3274808.3274812 | Middleware '18: 19th International Middleware Conference, Rennes, France, December 2018 |
Field | DocType | ISBN |
Memory protection, Virtual machine, AddressSanitizer, Computer security, Speculative execution, Computer science, Network packet, Malware, Buffer overflow, Cloud computing | Conference | 978-1-4503-5702-9 |
Citations | PageRank | References |
0 | 0.34 | 21 |
Authors | ||
6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Sundaresan Rajasekaran | 1 | 46 | 2.85 |
Harpreet Singh Chawla | 2 | 0 | 0.34 |
Zhen Ni | 3 | 525 | 33.47 |
Neel Shah | 4 | 0 | 0.34 |
Emery D. Berger | 5 | 1048 | 55.87 |
Timothy Wood | 6 | 349 | 27.52 |