Department Seminar Series

Dynamic defence in the Cloud via Introspection

21st May 2013, 16:00, G12
Dr. Behzad Bordbar
School of Computer Science
University of Birmingham
UK

Abstract

The Cloud is intended to handle large amounts of data. In addition, to benefit from economies of scale, the applications and operating systems are homogenized to a few images, restricting the variety of products used within the Cloud. As a result, a single vulnerability can be exploited on a large number of machines, and the attacker can be sure of a high pay-off for their activities. This makes the Cloud a prime target for malicious activities. There is a clear need to develop automated, adaptive and computationally inexpensive methods of discovering malicious behaviour as soon as it starts, so that remedial actions can be taken before substantial damage is done.


In this seminar, we will describe a method of detecting malware by identifying the symptoms of malicious behaviour, as opposed to looking for the malware itself. This can be compared to the use of symptoms in human pathology, in which the study of symptoms directs physicians to the diagnosis of a disease or the possible causes of an illness. The main advantage of shifting attention to the symptoms is that a wide range of malicious behaviour can result in the same set of symptoms. We will also describe our current implementation of the proposed approach, which uses very small Virtual Machines (VMs) that can monitor other VMs to discover the symptoms. FVMs collaborate with each other in identifying symptoms by exchanging messages via secure channels. The FVMs report to a Command & Control module that collects and correlates the information so that suitable remedial actions can take place in real time. The Command & Control module can be compared to the physician who infers the possibility of an illness from the observed symptoms. A sketch of our current implementation, which uses Mini-OS on the Xen virtualisation platform, will also be presented. This research is in collaboration with the Cloud and Security Lab at HP.