Channels ▼
RSS

Security

Detecting Danger in the Cloud


Researchers from North Carolina State University have developed new software that offers significantly enhanced security for cloud-computing systems. The software is much better at detecting viruses or other malware in the “hypervisors” that are critical to cloud computing, and does so without alerting the malware that it is being examined.

Cloud computing is being hailed as a flexible, affordable way of offering computer resources to consumers. Under the cloud-computing paradigm, the computational power and storage of multiple computers is pooled, and can be shared by multiple users. But concerns exist about hackers finding ways to insert malware into cloud computing systems. A new program called HyperSentry, developed by researchers at NC State and IBM, should help allay those fears.

HyperSentry is security software that focuses on protecting hypervisors in virtual computing clouds. Hypervisors are programs that create the virtual workspace that allows different operating systems to run in isolation from one another — even though each of these systems is using computing power and storage capability on the same computer.

Specifically, HyperSentry enables cloud administrators to measure the integrity of hypervisors in run time — meaning that the administrators can check to see whether a hypervisor has been breached by a third party while the hypervisor is operating.

“The concern is that an attacker could compromise a hypervisor, giving them control of the cloud,” said Peng Ning, professor of computer science at NC State and coauthor of a paper describing the research. If a hypervisor is compromised, the attacker could do almost anything: access users’ sensitive information; use the cloud’s computing resources to attack other Internet entities; spread malware; etc.

“HyperSentry solves two problems,” Ning said. “It measures hypervisor integrity in a stealthy way, and it does so in the context of the hypervisor.” Context is important, Ning explains. To effectively identify hypervisor problems you need to look at the hypervisor program memory and the registers inside the central processing units (CPUs) that are actually running the program. (The registers are the internal memory of CPUs.) This is important because intelligent malware can conceal itself from security programs that look only at the memory where the hypervisor is supposed to be located — they can effectively make themselves invisible to such security programs by modifying certain registers of the CPU and thus relocating the infected hypervisor elsewhere. By ensuring in-context measurement, HyperSentry can successfully track where the infected hypervisor is actually located and thus defeat such intelligent malware.

The fact that HyperSentry can check the integrity of a hypervisor in a stealthy way — checking the hypervisor without the hypervisor being aware of it — is important, too. If a hypervisor is aware that it is being scrutinized, and has already been compromised, it can notify the malware. The malware, once alerted, can then restore the hypervisor to its normal state in order to avoid detection. Thus, the malware can effectively hide until the security check is over.

Using HyperSentry, once a compromised hypervisor has been detected, a cloud administrator can take action to respond to the compromise, such as shutting down the computer, performing additional investigations to identify the scope of the problem, and limiting how far the damage can spread.

The HyperSentry research will be presented on October 5 at the 17th ACM Conference on Computer and Communications Security in Chicago. The research was a part of the thesis work of NC State Ph.D. student Ahmed Azab, and was c-authored by Ning; NC State Ph.D. student Zhi Wang; Dr. Xuxian Jiang, an assistant professor of computer science at NC State; and Dr. Xiaolan Zhang and Nathan Skalsky of IBM. The work was done with funding from the U.S. Army Research Office, the National Science Foundation and IBM.

— North Carolina State University News Office


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Video