A Concurrent Security Monitoring Method for Virtualization Environments

Recently,virtualization technologies have been widely used in industry.In order to monitor the security of target systems in virtualization environments,conventional methods usually put the security monitoring mechanism into the normal functionality of the target systems.However,these methods are either prone to be tempered by attackers or introduce considerable performance overhead for target systems.To address these problems,in this paper,we present a concurrent security monitoring method which decouples traditional serial mechanisms,including security event collector and analyzer,into two concurrent components.On one hand,we utilize the SIM framework to deploy the event collector into the target virtual machine.On the other hand,we combine the virtualization technology and multi-core technology to put the event analyzer into a trusted execution environment.To address the synchronization problem between these two concurrent components,we make use of Lamport's ring buffer algorithm.Based on the Xen hypervisor,we have implemented a prototype system named COMO.The experimental results show that COMO can monitor the security of the target virtual machine concurrently within a little performance overhead.

Extensive Study of Cloud Computing Technologies, Threats and Solutions Prospective

Infrastructure as a Service(IaaS)provides logical separation between data,network,applications and machines from the physical constrains of real machines.IaaS is one of the basis of cloud virtualization.Recently,security issues are also gradually emerging with virtualization of cloud computing.Different security aspects of cloud virtualization will be explored in this research paper,security recognizing potential threats or attacks that exploit these vulnerabilities,and what security measures are used to alleviate such threats.In addition,a dis-cussion of general security requirements and the existing security schemes is also provided.As shown in this paper,different components of virtualization environ-ment are targets to various attacks that in turn leads to security issues compromis-ing the whole cloud infrastructure.In this paper an overview of various cloud security aspects is also provided.Different attack scenarios of virtualization envir-onments and security solutions to cater these attacks have been discussed in the paper.We then proceed to discuss API security concerns,data security,hijacking of user account and other security concerns.The aforementioned discussions can be used in the future to propose assessment criteria,which could be useful in ana-lyzing the efficiency of security solutions of virtualization environment in the face of various virtual environment attacks.

LTSS： Load-Adaptive Traffic Steering and Forwarding for Security Services in Multi-Tenant Cloud Datacenters

Currently, different kinds of security devices are deployed in the cloud datacenter environment and tenants may choose their desired security services such as firewall and IDS （intrusion detection system）. At the same time, tenants in cloud computing datacenters are dynamic and have different requirements. Therefore, security device deployment in cloud datacenters is very complex and may lead to inefficient resource utilization. In this paper, we study this problem in a software-defined network （SDN） based multi-tenant cloud datacenter environment. We propose a load-adaptive traffic steering and packet forwarding scheme called LTSS to solve the problem. Our scheme combines SDN controller with TagOper plug-in to determine the traffic paths with the minimum load for tenants and allows tenants to get their desired security services in SDN-based datacenter networks. We also build a prototype system for LTSS to verify its functionality and evaluate performance of our design.

Route Guardian: Constructing Secure Routing Paths in Software-Defined Networking

Software-Defined Networking（SDN） decouples the control plane and the data plane in network switches and routers, which enables the rapid innovation and optimization of routing and switching configurations. However,traditional routing mechanisms in SDN, based on the Dijkstra shortest path, do not take the capacity of nodes into account, which may lead to network congestion. Moreover, security resource utilization in SDN is inefficient and is not addressed by existing routing algorithms. In this paper, we propose Route Guardian, a reliable securityoriented SDN routing mechanism, which considers the capabilities of SDN switch nodes combined with a Network Security Virtualization framework. Our scheme employs the distributed network security devices effectively to ensure analysis of abnormal traffic and malicious node isolation. Furthermore, Route Guardian supports dynamic routing reconfiguration according to the latest network status. We prototyped Route Guardian and conducted theoretical analysis and performance evaluation. Our results demonstrate that this approach can effectively use the existing security devices and mechanisms in SDN.