Malware Detection and Kernel Rootkit Prevention in Cloud Computing Environments

Matthias Schmidt, Lars Baumgärtner, Pablo Graubner, David Böck, Bernd Freisleben
Published in: 2011 19th International Euromicro Conference on Parallel, Distributed and Network-Based Processing (PDP 2011)
DOI: 10.1109/PDP.2011.45 (https://doi.org/10.1109/PDP.2011.45)
Publication date: 2011-02-09
Citations: 33

Abstract

The commercial success of Cloud Computing and recent developments in Grid Computing have brought platform virtualization technology into the field of high performance computing. Virtualization offers both more flexibility and security through custom user images and user isolation. In this paper, we present an approach for combined malware detection and kernel rootkit prevention in virtualized Cloud Computing environments. All running binaries in a virtual instance are intercepted and submitted to one or more analysis engines. Besides a complete check against a signature database, live introspection of all system calls is performed to detect yet unknown exploits or malware. Furthermore, to prevent an intruder from retaining persistent control over a running instance after a successful compromise, an in-kernel rootkit prevention approach is proposed. Only authorized and thus trusted kernel modules are allowed to be loaded at runtime; loading unauthorized modules is no longer possible. Finally, the performance of the presented solutions is evaluated.