13 research outputs found

    Enhancing security in public IaaS cloud systems through VM monitoring: a consumer’s perspective

    Cloud computing is attractive for both consumers and providers to benefit from potential economies of scale in reducing cost of use (for consumers) and operation of infrastructure (for providers). In the IaaS service deployment model of the cloud, consumers can launch their own virtual machines (VMs) on an infrastructure made available by a cloud provider, enabling a number of different applications to be hosted within the VM. The cloud provider generally has full control and access to the VM, providing the potential for a provider to access both VM configuration parameters and the hosted data. Trust between the consumer and the provider is key in this context, and generally assumed to exist. However, relying on this assumption alone can be limiting. We argue that the VM owner must have greater access to operations that are being carried out on their VM by the provider and greater visibility on how this VM and its data are stored and processed in the cloud. In the case where VMs are migrated by the provider to another region, without notifying the owner, this can raise some privacy concerns. Therefore, mechanisms must be in place to ensure that violation of the confidentiality, integrity and SLA does not happen. In this thesis, we present a number of contributions in the field of cloud security which aim at supporting trustworthy cloud computing. We propose monitoring of security-related VM events as a solution to some of the cloud security challenges. Therefore, we present a system design and architecture to monitor security-related VM events in public IaaS cloud systems. To enable the system to achieve focused monitoring, we propose a taxonomy of security-related VM events. The architecture was supported by a prototype implementation of the monitoring tool called: VMInformant, which keeps the user informed and alerted about various events that have taken place on their VM. 
    The tool was evaluated to learn about the performance and storage overheads associated with monitoring such events using CPU and I/O intensive benchmarks. Since events in multiple VMs, belonging to the same owner, may be related, we suggested an architecture of a system, called: Inspector Station, to aggregate and analyse events from multiple VMs. This system enables the consumer: (1) to learn about the overall security status of multiple VMs; (2) to find patterns in the events; and (3) to make informed decisions related to security. To ensure that VMs are not migrated to another region without notifying the owner, we proposed a hybrid approach, which combines multiple metrics to estimate the likelihood of a migration event. The technical aspects in this thesis are backed up by practical experiments to evaluate the approaches in real public IaaS cloud systems, e.g. Amazon AWS and Google Cloud Platform. We argue that having this level of transparency is essential to improve the trust between a cloud consumer and provider, especially in the context of a public cloud system

    Genetic diversity of the Nubian ibex in Oman as revealed by mitochondrial DNA

    The Nubian ibex (Capra nubiana) is patchily distributed across parts of Africa and Arabia. In Oman, it is one of the few free-ranging wild mammals found in the central and southern regions. Its population is declining due to habitat degradation, human expansion, poaching and fragmentation. Here, we investigated the population's genetic diversity using mitochondrial DNA (D-loop 186 bp and cytochrome b 487 bp). We found that the Nubian ibex in the southern region of Oman was more diverse (D-loop HD; 0.838) compared with the central region (0.511) and gene flow between them was restricted. We compared the genetic profiles of wild Nubian ibex from Oman with captive ibex. A Bayesian phylogenetic tree showed that wild Nubian ibex form a distinct clade independent from captive animals. This divergence was supported by high mean distances (D-loop 0.126, cytochrome b 0.0528) and high FST statistics (D-loop 0.725, cytochrome b 0.968). These results indicate that captive ibex are highly unlikely to have originated from the wild population in Oman and the considerable divergence suggests that the wild population in Oman should be treated as a distinct taxonomic unit. Further nuclear genetic work will be required to fully elucidate the degree of global taxonomic divergence of Nubian ibex populations

    Impact of COVID-19 on cardiovascular testing in the United States versus the rest of the world

    Objectives: This study sought to quantify and compare the decline in volumes of cardiovascular procedures between the United States and non-US institutions during the early phase of the coronavirus disease-2019 (COVID-19) pandemic. Background: The COVID-19 pandemic has disrupted the care of many non-COVID-19 illnesses. Reductions in diagnostic cardiovascular testing around the world have led to concerns over the implications of reduced testing for cardiovascular disease (CVD) morbidity and mortality. Methods: Data were submitted to the INCAPS-COVID (International Atomic Energy Agency Non-Invasive Cardiology Protocols Study of COVID-19), a multinational registry comprising 909 institutions in 108 countries (including 155 facilities in 40 U.S. states), assessing the impact of the COVID-19 pandemic on volumes of diagnostic cardiovascular procedures. Data were obtained for April 2020 and compared with volumes of baseline procedures from March 2019. We compared laboratory characteristics, practices, and procedure volumes between U.S. and non-U.S. facilities and between U.S. geographic regions and identified factors associated with volume reduction in the United States. Results: Reductions in the volumes of procedures in the United States were similar to those in non-U.S. facilities (68% vs. 63%, respectively; p = 0.237), although U.S. facilities reported greater reductions in invasive coronary angiography (69% vs. 53%, respectively; p < 0.001). Significantly more U.S. facilities reported increased use of telehealth and patient screening measures than non-U.S. facilities, such as temperature checks, symptom screenings, and COVID-19 testing. Reductions in volumes of procedures differed between U.S. regions, with larger declines observed in the Northeast (76%) and Midwest (74%) than in the South (62%) and West (44%). Prevalence of COVID-19, staff redeployments, outpatient centers, and urban centers were associated with greater reductions in volume in U.S. facilities in a multivariable analysis. Conclusions: We observed marked reductions in U.S. cardiovascular testing in the early phase of the pandemic and significant variability between U.S. regions. The association between reductions of volumes and COVID-19 prevalence in the United States highlighted the need for proactive efforts to maintain access to cardiovascular testing in areas most affected by outbreaks of COVID-19 infection

    Conservation priorities for two ungulate species in the subfamily Caprinae in Oman

    In this study, molecular genetic data of Arabian tahr and Nubian ibex alongside census data on Arabian tahr's abundance were analyzed. By combining these data, they complement each other to fully understand conservation management. To achieve this, we sampled wild Arabian tahr and Nubian ibex from Oman. The phylogenetic study was based on complete mitochondrial genomes of Arabian tahr (S0011) and Nubian ibex (SN02) together with available mitochondrion sequences in the Caprinae tree on GenBank. Bioinformatically, PSMC (Pairwise Sequentially Markovian Coalescent) was used to infer the demographic history for both our samples. Furthermore, detection of Runs of Homozygosity (ROH) was analyzed and finally, both heterozygosity and heterozygosity ratio were examined. Census data on Arabian tahr from the northern Hajar mountains was only analyzed in this study to understand Arabian tahr occupancy outside protected areas. The phylogenetic analysis supports both Arabian tahr (S0011) and Nubian ibex (SN02) of being unique and having their own distinct lineages. The closest relatives to Nubian ibex (SN02) and Arabian tahr (S0011) are Alpine ibex (Capra ibex) and Aoudad/the Barbary sheep (Ammotragus lervia). PSMC analysis using Arabian tahr and Nubian ibex revealed that they did not go through a severe bottleneck phase. However, Arabian tahr had a small (Ne of ~1000) stable effective population size from ~1 million years ago till about ~20,000 years ago. Similarly, the Nubian ibex population maintained a low (Ne of ~1000) population size during the last glacial period but was about twice as large during the last interglacial. Only 31.5% (23) of the total camera traps (73) deployed detected Arabian tahr. The summed occupancy across 73 cameras was 25.29 and this suggests that they occur in one third (34%) of the study area outside protected areas. Furthermore, slope seemed to be used by Arabian tahr to gain access to shade and forage rather than rugged terrain

    Implementing migration-aware virtual machines

    Virtual Machines hosted in cloud systems are susceptible to migration usually without notifying the cloud consumer. This is generally undertaken to load balance user requests across multiple data centres, often without direct awareness of the user. Migration could be to a regional site or to a data centre in another geographical area, i.e. to a country which has non-conforming laws with regards to data privacy. This concern becomes even more significant when a cloud federation is considered, where a number of different providers may need to work together. It is therefore necessary to develop a mechanism that enables a user to detect if migration of a VM has happened. More importantly, such a mechanism should be user driven and not require input from a provider. We compare various techniques to enable a VM migration to be detected, by monitoring events inside a VM that could signify whether such a migration has taken place, and subsequently notifying the owner about such an event. A review of migration detection techniques is presented followed by the proposition of a hybrid model to carry out the migration detection process

    Analysing virtual machine security in cloud systems

    The cloud computing concept has significantly influenced how information is delivered and managed in large scale distributed systems today. Cloud computing is currently expected to reduce the economic cost of using computational and data resources, and is therefore particularly appealing to small and medium scale companies (who may not wish to maintain in-house IT departments). To provide economies of scale, providers of Cloud computing infrastructure make significant use of virtualisation techniques – in which processes of various tenants sharing the same physical resources are separated logically using a hypervisor. In spite of its wide adoption in Cloud computing systems, virtualisation technology suffers from many security and privacy issues. We outline security challenges that remain in the use of virtualisation techniques to support multiple customers on the same shared infrastructure. We also illustrate, using an experiment, how data leakage occurs when multiple VMs are executed on the same physical infrastructure, leading to unauthorised access to (previously) deleted data

    VMInformant: an instrumented virtual machine to support trustworthy cloud computing

    Cloud computing is attractive for both consumers and providers to benefit from potential economies of scale in reducing cost of use (for consumers) and operation of infrastructure (for providers). In the IaaS service deployment model of the cloud, consumers can launch their own virtual machines (VMs) on infrastructure made available by a cloud provider, enabling a number of different applications to be hosted within the VM. The cloud provider generally has full control and access to the VM, providing the potential for a provider to access both VM configuration parameters and the hosted data. Trust between the consumer and the provider is key in this context, and generally assumed to exist. However, relying on this assumption can be limiting. We argue that the VM owner must have greater access to operations that are being carried out on their VM by the provider and greater visibility on how this VM and its data are stored and processed in the cloud. We present VMInformant, a VM monitoring system that can keep the user informed and alerted about various events that have taken place on their VM (both inside the VM and via calls made through a hypervisor). A taxonomy of VM security-related events is presented, along with performance overheads associated with monitoring such events using CPU and I/O intensive benchmarks. We argue that having this level of transparency is essential to improve trust between a cloud consumer and provider, especially in the context of a public cloud system

    Virtual machine introspection

    Due to exposure to the Internet, virtual machines (VMs) as forms of delivering virtualized infrastructures and resources represent a first point-of-target for security attackers who want to gain access into the virtualization environment. In-VM monitoring approach can be compromised in the event of a successful VM compromise. Virtual Machine Introspection (VMI) takes a different approach of monitoring the guest VMs externally. This paper presents a review on VMI focusing on the typical usages of integrating VMI with other virtualization security techniques