Information Retrieval in Clouds

Abstract

Cloud computing nowadays is prevalent in our daily life, and it has been commonly used to provide IT (Information Technology) services over the Internet. Virtualization, as the foundation and main enabling technology of cloud computing, has played a crucial role in computing resource management inside a cloud, sharing finite hardware resources among a large number of software systems and programs. However, the security of virtualization has become a major concern for organizations and individuals who are hesitating to deploy their critical applications or data in cloud environments. This is mainly due to the fact that a hypervisor, which is a key component of virtualization, runs directly on the hardware or a host operating system (OS) to create and manage the guest OSes and have a higher privilege level than guest OSes. While significant research efforts have been paid to understand the cyber threats exposed by cloud computing, it is yet unclear how insecure/secure cloud environments are. This proposal attempts to seek an answer for this question from a new and different perspective: information retrieval in clouds. In particular, we consider to retrieve information in two directions. One direction is from attackersÕ point of view, we investigate how much sensitive information attackers can obtain; the other direction is from defendersÕ perspective, we investigate how much sensitive information defenders can collect. The more detailed descriptions of the two directions are given as follows.  (1) The first research thrust of this project, which we define it as virtual machine extrospection (VME), investigates the scenarios when attackers are in control of one virtual machine or multiple virtual machines in the cloud, and they try to disclose various critical information about the outside world, i.e., the underlying cloud infrastructure, in the hope that gathering these pieces of information would help them compromise the cloud infrastructure or other virtual machines in the cloud; (2) The second research thrust of this project, which has been defined by other researchers as a technique called virtual machine introspection (VMI), investigates the scenarios when cloud service providers deploy defensive tools outside of virtual machines, and let these defensive tools to collect the internal information of those virtual machines, with the goal of discovering suspicious or abnormal information, which often indicates a potential intrusion to the virtual machines. The research will serve as an catalyst to promote the security level in cloud environments. The exploration of VME will help us understand how much security risk and vulnerability attackers can cause if they gain in-depth knowledge of underlying hypervisors via information retrieval, and then we will develop corresponding countermeasures to prevent such information leakage and reduce the damage. The further investigation of VMI will enable us to build a one-for-many VMI and memory enhance forensic tool, which will significantly enhance existing defense techniques such as intrusion detection.

Document Details

Document Type

DoD Grant Award

Publication Date

Feb 14, 2019

Source ID

W911NF1910049

Entities

Tags