Design of a Hypervisor-based Rootkit Detection Method for Virtualized Systems in Cloud Computing Environments
Tongwook Hwang, Youngsang Shin, Kyungho Son, Haeryong Park
Available Online December 2013.
- https://doi.org/10.2991/wiet-13.2013.7
- Cloud security; Virtualization security; Rootkit detection; Hypervisor; Rootkit
- Cloud computing is becoming increasingly popular. Many companies utilize cloud computing services to minimize IT infrastructure costs. The popularity of cloud computing has attracted the interest of cyber criminals. As a result, virtualized environments are a valid and attractive target for APT attacks. Since the key components in APT attacks are rootkit malware that provides stealth, detecting rootkits is an effective measure for protecting against APT attacks. Traditional rootkit detection algorithms are based on non-virtualized environments, where a detection agent tries to identify incoherency in OS system calls to detect rootkits. However, applying these algorithms to cloud computing environments entails installing a copy of the detection agent in every virtual machine, resulting in inefficient storage use and performance degradation. We propose a hypervisor-based, out-of-the-box rootkit detection system that takes cloud computing environments into consideration. The method utilizes the vIPS platform to gain many beneficial traits including hypervisor-independency, agentless virtual security appliance structure, and usability. Therefore, the method provides effective protection against rootkits in cloud computing environments.
- Open Access
- This is an open access article distributed under the CC BY-NC license.
Cite this article
TY - CONF
AU - Tongwook Hwang
AU - Youngsang Shin
AU - Kyungho Son
AU - Haeryong Park
PY - 2013/12
DA - 2013/12
TI - Design of a Hypervisor-based Rootkit Detection Method for Virtualized Systems in Cloud Computing Environments
PB - Atlantis Press
SP - 27
EP - 32
SN - 1951-6851
UR - https://doi.org/10.2991/wiet-13.2013.7
DO - https://doi.org/10.2991/wiet-13.2013.7
ID - Hwang2013/12
ER -