The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Virtualization technology is well established in the server and desktop spaces, and has been spreading across embedded system market. This technology allows for the coexistence and execution of multiples operating systems on top of the same hardware platform, with proven technological and economic benefits. Hardware extensions for easing virtualization have been added into several commercial off-the-shelf...
With the increasing deployments of Network Functions Virtualization (NFV) in both industry and academia, it becomes necessary to design mechanisms for keeping the integrity of Service Function Chains (SFC) responsible for NFV services delivering. Despite the advances in the development of management and orchestration for NFV, solutions to keep SFCs resilient to well-known and zero-day threats are...
As modern unmanned aerial systems (UAS) continue to expand the frontiers of automation, new challenges to security and thus its safety are emerging. It is now difficult to completely secure modern UAS platforms due to their openness and increasing complexity. We present the VirtualDrone Framework, a software architecture that enables an attack-resilient control of modern UAS. It allows the system...
Many reasons make NFV an attractive paradigm for IT security: lowers costs, agile operations and better isolation as well as fast security updates, improved incident responses and better level of automation. On the other side, the network threats tend to be increasingly complex and distributed, implying huge traffic scale to be monitored and increasingly strict mitigation delay requirements. Considering...
Nowadays, nested VMs are often being used to address compatibility issues, security concerns, software scaling and continuous integration scenarios. With the increased adoption of nested VMs, there is a need for newer techniques to troubleshoot any unexpected behavior. Because of privacy and security issues, ease of deployment and execution overhead, these investigation techniques should preferably...
To prevent attacks on essential software and to mitigate damage, an attack avoiding method that complicates process identification from attackers is proposed. This method complicates the identification of essential services by replacing process information with dummy information. However, this method allows attackers to identify essential processes by detecting changes in process information. To address...
Cloud computing is a new IT delivery paradigm that offers computing resources as on-demand services over the Internet. Like all forms of outsourcing, cloud computing raises serious concerns about the security of the data assets that are outsourced to providers of cloud services. Security issues of cloud platform have gradually drawn the attention of research institutions and various security companies...
Memory error exploits rank among the most serious security threats. Of the plethora of memory error containment solutions proposed over the years, most have proven to be too weak in practice. Multi-Variant eXecution (MVX) solutions can potentially detect arbitrary memory error exploits via divergent behavior observed in diversified program variants running in parallel. However, none have found practical...
Recent years witness the successful adoption of Cloud computing. However, security remains the top concern for cloud users. The fundamental issue is that cloud providers cannot convince cloud users the trustworthiness of cloud platforms. In this paper, we propose a cloud auditing framework, named CloudAuditor, to examine the behaviors of cloud platforms. By leveraging nested virtualization technology,...
This paper analyzed the former works relevant to Virtual Machine Introspection (VMI) and found that most of the VMI applications are deployed either in the hypervisor or in privileged virtual machines (dom0). As VMI applications may also be vulnerable, it will increase the risk of hypervisor or dom0 being attacked where other critical tools such as management tools and performance monitoring tools...
Network security management is becoming more and more complicated in recent years, considering the need of deploying more and more network security devices/middle-boxes at various locations inside the already complicated networks. A grand challenge in this situation is that current management is inflexible and the security resource utilization is not efficient. The flexible deployment and utilization...
Many current VM monitoring approaches require guest OS modifications and are also unable to perform application level monitoring, reducing their value in a cloud setting. This paper introduces hprobes, a framework that allows one to dynamically monitor applications and operating systems inside a VM. The hprobe framework does not require any changes to the guest OS, which avoids the tight coupling...
Virtualization has become a target for attacks in cloud computing environments. Existing approaches to protecting the virtualization environment against the attacks are limited in protection scope and are with high overheads. This paper proposes a novel virtualization security solution which aims to provide comprehensive protection of the virtualization environment.
As the impacts of security threats are amplified and spread quickly in the cloud, especially with the attribute of large-scale virtualization. Most of researches focus on monitoring the network traffic. However, these methods don't check how the attack happened and what damage the attack caused for the virtual infrastructure. This paper presents a logging method to analyze the potential attacks out...
With the increasing of software complexity in computing systems, more and more powerful mainframe computing systems begin to use Xen virtualization technology to split the system into several parts, making system maintenance much easier and more targeted while obtaining better operating efficiency. But precisely because of these different system parts running in different Xen-virtualized domains,...
This paper proposes the concept of application software compatibility and highlights its important implication to high-reliable information application system. Aiming at the issues of typical of software compatibility, an analysis method of software compatibility is presented based on hardware virtualization. Compatibility of two typical information security software is analyzed and the results are...
The Cloud attempts to provide its users with automatically scalable platforms to host many applications and operating systems. To allow for quick deployment, they are often homogenised to a few images, restricting the variations used within the Cloud. An exploitable vulnerability stored within an image means that each instance will suffer from it and as a result, an attacker can be sure of a high...
Linux Kernel Virtual Machine (KVM) is one of the most commonly deployed hyper visor drivers in the IaaS layer of cloud computing ecosystems. The hyper visor provides a full-virtualization environment that intends to virtualize as much hardware and systems as possible, including CPUs, network interfaces and chipsets. With KVM, heterogeneous operating systems can be installed in Virtual Machines (VMs)...
Today's smartphones are not only tools for entertainment and communication, but also very effective tools for increasing the productivity of business users. End user can connect to company's IT infrastructure for uploading and downloading business data. However, smartphone security mechanisms have been discovered to offer very limited protection against malicious applications that pose a real threat...
Virtualized datacenter (VDC) has become a popular approach to large-scale system consolidation and the enabling technology for infrastructure-as-a-service cloud computing. The consolidation inevitably aggregates the security threats once faced by individual systems towards a VDC, and a VDC operator should remain vigilant of the threats at all times. We envision the need for on-demand mandatory security...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.