2012 IEEE Fifth International Conference on Cloud Computing
Supporting Virtualization-Aware Security Solutions Using a Systematic Approach to Overcome the Semantic Gap
Honolulu, HI, USA
June 24-June 29
ISBN: 978-1-4673-2892-0
A prerequisite to implementing virtualization-aware security solutions is to solve the "semantic gap" problem. Current approaches require deep knowledge of the kernel's data structures to bridge the semantic gap manually. However, kernel data is very complex: an Operating System (OS) kernel contains thousands of data structures that have direct and indirect (pointer) relations with each other and no explicit integrity constraints. This complexity makes manual methods impractical. In this paper, we present a new solution that systematically and efficiently solves the semantic gap for any OS, without prior knowledge of that OS. We present: (i) KDD, a tool that systematically builds a precise kernel data definition for any C-based OS such as Windows and Linux. KDD generates this definition by performing points-to analysis on the kernel's source code to disambiguate the pointer relations. (ii) SVA, a security appliance that solves the semantic gap based on the generated definition, systematically and externally mapping the virtual machines' physical memory and extracting the runtime dynamic objects. We have implemented prototypes of KDD and SVA and have performed several experiments to demonstrate their effectiveness.
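The following is an added illustration, not code from the paper, of the two pieces the abstract describes: a kernel data definition with pointer targets already resolved (what KDD produces) and an external walk over a guest memory image that uses it to extract runtime objects (what SVA does). The type layout, the 64-byte image, 32-bit pointers and the use of physical addresses as pointer values are all constructed assumptions.

```python
import struct
from collections import deque

# Constructed kernel data definition of the kind KDD would emit: for each type,
# field name -> (offset, kind), where kind is a struct format for a scalar or
# ("ptr", target_type) for a pointer relation resolved by points-to analysis.
KERNEL_DEF = {
    "task": {"pid": (0, "<I"), "next": (4, ("ptr", "task")), "mm": (8, ("ptr", "mm"))},
    "mm":   {"vma_count": (0, "<I")},
}
TYPE_SIZE = {"task": 12, "mm": 4}

def build_image():
    """Constructed 64-byte 'physical memory': three tasks in a circular list;
    one has a valid mm, one has mm == NULL, one has a dangling mm pointer."""
    img = bytearray(64)
    struct.pack_into("<III", img, 0x04, 1, 0x14, 0x34)   # pid 1, next 0x14, mm 0x34
    struct.pack_into("<III", img, 0x14, 7, 0x24, 0x00)   # pid 7, next 0x24, mm NULL
    struct.pack_into("<III", img, 0x24, 9, 0x04, 0xFF0)  # pid 9, next head, mm dangling
    struct.pack_into("<I", img, 0x34, 5)                 # mm: vma_count 5
    return bytes(img)

def extract_objects(img, kdef, sizes, root_type, root_addr):
    """Map the image from one known root; return (objects, rejected), where
    objects is {(type, addr): {field: value}} for every reachable instance.
    Assumes 32-bit pointers holding physical addresses. The visited set bounds
    the walk on cyclic lists; every pointer is range-checked before use,
    because nothing read out of the guest can be trusted."""
    objects, rejected = {}, []
    work = deque([(root_type, root_addr)])
    while work:
        typ, addr = work.popleft()
        if (typ, addr) in objects or (typ, addr) in rejected:
            continue
        if addr + sizes[typ] > len(img):
            rejected.append((typ, addr))
            continue
        fields = {}
        for name, (off, kind) in kdef[typ].items():
            if isinstance(kind, tuple):  # pointer field: record it, then follow it
                ptr = struct.unpack_from("<I", img, addr + off)[0]
                fields[name] = ptr
                if ptr != 0:
                    work.append((kind[1], ptr))
            else:
                fields[name] = struct.unpack_from(kind, img, addr + off)[0]
        objects[(typ, addr)] = fields
    return objects, rejected
```

A real appliance would first translate guest-virtual pointer values through the guest's page tables and would use a definition covering thousands of types, but the mapping loop, cycle guard and pointer validation are the same.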
Index Terms:
Kernel, Security, Semantics, Data structures, Context, Runtime, Algorithm design and analysis, virtualization-aware security solutions, kernel data structures, semantic gap, points-to analysis, IaaS
Citation:
Amani S. Ibrahim, James Hamlyn-Harris, John Grundy, Mohamed Almorsy, "Supporting Virtualization-Aware Security Solutions Using a Systematic Approach to Overcome the Semantic Gap," cloud, pp.836-843, 2012 IEEE Fifth International Conference on Cloud Computing, 2012