KVMIveggur: Flexible, secure, and efficient support for self-service virtual machine introspection. (July 2022)
- Record Type:
- Journal Article
- Title:
- KVMIveggur: Flexible, secure, and efficient support for self-service virtual machine introspection. (July 2022)
- Main Title:
- KVMIveggur: Flexible, secure, and efficient support for self-service virtual machine introspection
- Authors:
- Sentanoe, Stewart
Dangl, Thomas
Reiser, Hans P. - Abstract:
- Abstract: Virtual machine introspection (VMI) has evolved into a widely used technique for purposes such as digital forensics, intrusion detection, and malware analysis. The recent integration of enhanced VMI capabilities into KVM further facilitates the use of VMI. A significant obstacle, however, remains: VMI usually requires highly privileged access to the host system. Existing research prototypes that address this issue either target only the Xen hypervisor, are extremely slow, offer only a subset of the desired functionality, or are hard to deploy in real-life systems. We present our flexible KVMIveggur architecture as a novel solution to these challenges. It offers three flavors of isolation (using containers, virtual machines, and network remote access) that all enable access control for secure self-service VMI in cloud environments. It enables the full use of passive and active VMI, supports continuous monitoring also during live VM migration, and can be tailored for low overhead and minimal resource utilization on the host system. The experimental evaluation of our prototype demonstrates the feasibility and the efficiency of our approach and provides detailed insights into the differences between the three flavors.
- Is Part Of:
- Forensic science international. Volume 42(2022)Supplement
- Journal:
- Forensic science international
- Issue:
- Volume 42(2022)Supplement
- Issue Display:
- Volume 42, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 42
- Issue:
- 2022
- Issue Sort Value:
- 2022-0042-2022-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-07
- Subjects:
- Virtual machine introspection -- Virtual machine -- KVM -- Access control
- Journal URLs:
- http://www.sciencedirect.com/ ↗
- DOI:
- 10.1016/j.fsidi.2022.301397 ↗
- Languages:
- English
- ISSNs:
- 2666-2817
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 22352.xml