80,399 research outputs found

    Deploying Virtual Machines on Shared Platforms

    In this report, we describe mechanisms for secure deployment of virtual machines on shared platforms looking into a telecommunication cloud use case, which is also presented in this report. The architecture we present focuses on the security requirements of the major stakeholders’ part of the scenario we present. This report comprehensively covers all major security aspects including different security mechanisms and protocols, leveraging existing standards and state-of-the-art wherever applicable. In particular, our architecture uses TCG technologies for trust establishment in the deployment of operator virtual machines on shared resource platforms. We also propose a novel procedure for securely launching and cryptographically binding a virtual machine to a target platform thereby protecting the operator virtual machine and its related credentials

    Security Aware Virtual Base Station Placement in 5G Cloud Radio Access Networks

    © 2018, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. In fifth generation (5G) cloud radio access networks (C-RAN), baseband processing of base stations (BSs) will be processed on virtual machines called virtual BSs (VBS) in the centralized cloud architecture. Existing research mostly focuses on how to maximize resource utilization and reduce energy consumption in 5G C-RAN using VBS placement. However, security issues in the context of VBS placement within 5G C-RAN have been rarely addressed. In this paper, a security aware VBS placement (SAV) scheme within 5G C-RAN is proposed where the placement of VBSs to physical machines (PMs) considers the security levels of both the VBS and the PM. A rigorous simulation study is conducted for validating the proposed scheme, which shows a significant security improvement of 16% compared to the heuristic simulated annealing scheme (HSA).

    HyBIS: Windows Guest Protection through Advanced Memory Introspection

    Effectively protecting the Windows OS is a challenging task, since most implementation details are not publicly known. Windows has always been the main target of malware that has exploited numerous bugs and vulnerabilities. Recent trusted boot and additional integrity checks have rendered the Windows OS less vulnerable to kernel-level rootkits. Nevertheless, guest Windows Virtual Machines are becoming an increasingly interesting attack target. In this work we introduce and analyze a novel Hypervisor-Based Introspection System (HyBIS) we developed for protecting Windows OSes from malware and rootkits. The HyBIS architecture is motivated and detailed, while targeted experimental results show its effectiveness. Comparison with related work highlights main HyBIS advantages such as: effective semantic introspection, support for 64-bit architectures and for latest Windows (8.x and 10), advanced malware disabling capabilities. We believe the research effort reported here will pave the way to further advances in the security of Windows OSes

    Reinforcement Learning to Reduce the Attack Surface in Self Service Cloud Computing

    Cloud computing offers various services which are analogous to traditional data centers. The on-demand supply of resources makes this model of utility computing the platform for many web-based services. However, security is always a major concern. This thesis proposes a new architecture called Self-service cloud computing with virtual shield (VS) to secure the entire cloud environment. Virtual shield (VS) is designed with the reinforcement learning mechanism to dynamically change the configurations of the client virtual machines (VM) in case of an attack to achieve the required security. This work introduces a novel way to measure the security of the system based on attack surface. The configuration scores generated during the learning process determine the activity of the client. The dynamic configuration of virtual machines in case of an attack reduces the attack surface and secures the cloud VMs.

    CyberGuarder: a virtualization security assurance architecture for green cloud computing

    Cloud Computing, Green Computing, Virtualization, Virtual Security Appliance, Security Isolation