Hypervisors are the building blocks of cloud computing. They host the virtualized operating systems and applications which provide highly-scalable, pervasive services on a continuous basis. These thin-layer, bare-metal operating systems create a prime target for attack. A compromised hypervisor grants access to hosted virtual machines and data stores. Its computing resources can be used for malicious purposes, including mounting additional attacks. To avoid detection, rooted hypervisors must not only avoid tripping internal alarms, but also convince external monitors that they are operating normally. To conceal illicit activities, they may underreport performance metrics. Although rootkits can hide unauthorized activity by understating system load, they cannot tamper with external measures of power usage. This research develops a new method for identifying compromised hypervisors which integrates energy usage statistics. This method correlates independent measures of server energy usage with hypervisor reports of system state to create models of power consumption. The detection process focuses on hypervisors which appear to use more power than expected, given reported performance metrics. Three out-of-band tests for detecting compromise are undergoing testing and refinement. The results of this research will indicate the effectiveness of energy correlation-approaches at identifying rooted hypervisors. If successful, this project will provide a platform-neutral method for cloud management monitors to identify compromised hypervisors. It reduces adoption risks for organizations and individual users of cloud services. In addition, it will provide opportunities for graduate and undergraduate students to developed advanced skills in cloud and data center security.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Network Systems (CNS)
Type
Standard Grant (Standard)
Application #
1318399
Program Officer
Angelos Keromytis
Project Start
Project End
Budget Start
2013-10-01
Budget End
2014-06-30
Support Year
Fiscal Year
2013
Total Cost
$108,710
Indirect Cost
Name
Georgia Southern University Research and Service Foundation, Inc
Department
Type
DUNS #
City
Statesboro
State
GA
Country
United States
Zip Code
30460