Semantic monitoring mechanisms dedicated to security monitoring in IaaS cloud

Yacine Hebbal 1, 2
2 ASCOLA - Aspect and Composition Languages
Inria Rennes – Bretagne Atlantique, LS2N - Laboratoire des Sciences du Numérique de Nantes
Abstract : Virtual Machine Introspection (VMI) consists in monitoring VM security from the hypervisor layer, which, thanks to its location, offers strong visibility into VM activities as well as strong isolation from them. However, the hypervisor's view of VMs consists only of raw bits and bytes plus hardware states. The semantic difference between this raw view and the one needed for VM security monitoring presents a significant challenge for VMI, called "the semantic gap". To obtain semantic information about VM states and activities for monitoring their security from the hypervisor layer, we present in this thesis a set of techniques based on the analysis and reuse of VM kernel binary code. These techniques make it possible to identify the addresses and names of most VM kernel functions and then instrument (call, intercept and analyze) them to automatically bridge the semantic gap, regardless of the challenges presented by compiler optimizations and kernel base address randomization.
Document type :
Theses

Cited literature [114 references]

https://tel.archives-ouvertes.fr/tel-01797056
Contributor : Abes Star
Submitted on : Tuesday, May 22, 2018 - 11:59:04 AM
Last modification on : Tuesday, March 26, 2019 - 9:25:22 AM
Long-term archiving on : Monday, September 24, 2018 - 10:43:48 AM

File

2017IMTA0029_Hebbal-Yacine.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01797056, version 1

Citation

Yacine Hebbal. Semantic monitoring mechanisms dedicated to security monitoring in IaaS cloud. Computation and Language [cs.CL]. Ecole nationale supérieure Mines-Télécom Atlantique, 2017. English. ⟨NNT : 2017IMTA0029⟩. ⟨tel-01797056⟩
