Xen Network Flow Analysis for Intrusion Detection
Authors: 
Reece Johnston, Sun-il Kim, David Coe, Letha Etzkorn, Jeffrey Kulick, 
Aleksandar MilenkovicAuthors Info & Claims
Article No.: 18, Pages 1 - 4
Abstract
Virtualization technology has become ubiquitous in the computing world. With it, a number of security concerns have been amplified as users run adjacently on a single host. In order to prevent attacks from both internal and external sources, the networking of such systems must be secured. Network intrusion detection systems (NIDSs) are an important tool for aiding this effort. These systems work by analyzing flow or packet information to determine malicious intent. However, it is difficult to implement a NIDS on a virtualized system due to their complexity. This is especially true for the Xen hypervisor: Xen has incredible heterogeneity when it comes to implementation, making a generic solution difficult. In this paper, we analyze the network data flow of a typical Xen implementation along with identifying features common to any implementation. We then explore the benefits of placing security checks along the data flow and promote a solution within the hypervisor itself.
References
[1]
P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. Xen and the art of virtualization. SIGOPS Oper. Syst. Rev., 37(5):164--177, Oct. 2003.
[2]
S. Bharadwaja, W. Sun, M. Niamat, and F. Shen. Collabra: a xen hypervisor based collaborative intrusion detection system. In IEEE Information technology: New generations (ITNG), 2011.
[3]
R. Buyya, C. S. Yeo, S. Venugopal, J. Broberg, and I. Brandic. Cloud computing and emerging it platforms: Vision, hype, and reality for delivering computing as the 5th utility. Elsevier FGCS, 25(6), 2009.
[4]
M. Laureano, C. Maziero, and E. Jamhour. Intrusion detection in virtual machine environments. In IEEE Euromicro Conference, 2004.
[5]
H.-J. Liao, C.-H. R. Lin, Y.-C. Lin, and K.-Y. Tung. Intrusion detection system: A comprehensive review. Journal of Network and Computer Applications, 36(1):16--24, 2013.
[6]
C. Mazzariello, R. Bifulco, and R. Canonico. Integrating a network ids into an open source cloud computing environment. In IEEE Information Assurance and Security, 2010.
[7]
J. Wang, K.-L. Wright, and K. Gopalan. Xenloop: a transparent high performance inter-vm network loopback. In ACM international symposium on High performance distributed computing, 2008.
[8]
T. Xing, D. Huang, L. Xu, C.-J. Chung, and P. Khatkar. Snortflow: A openflow-based intrusion prevention system in cloud environment. In IEEE Research and Educational Experiment Workshop, 2013.
Recommendations
Xen and co.: communication-aware CPU scheduling for consolidated xen-based hosting platforms
VEE '07: Proceedings of the 3rd international conference on Virtual execution environmentsRecent advances in software and architectural support for server virtualization have created interest in using this technology in the design of consolidated hosting platforms. Since virtualization enables easier and faster application migration as well ...
Fast Live Cloning of Virtual Machine Based on Xen
HPCC '09: Proceedings of the 2009 11th IEEE International Conference on High Performance Computing and CommunicationsVirtual Machine (VM) cloning is to create a replica of a source virtual machine (parent virtual machine); the replica, also called child virtual machine, owns exactly the same executing status as parent virtual machine. Fast live cloning guarantees that,...
My VM is Lighter (and Safer) than your Container
SOSP '17: Proceedings of the 26th Symposium on Operating Systems PrinciplesContainers are in great demand because they are lightweight when compared to virtual machines. On the downside, containers offer weaker isolation than VMs, to the point where people run containers in virtual machines to achieve proper isolation. In this ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
April 2016
150 pages
ISBN:9781450337526
DOI:10.1145/2897795
- General Chairs:
- Joseph P. Trien,
- Stacy J. Prowell,
- John R. Goodall,
- Program Chair:
- Robert A. Bridges
Copyright © 2016 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
In-Cooperation
- Oak Ridge National Laboratory
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 05 April 2016
Check for updates
Author Tags
Qualifiers
- Short-paper
- Research
- Refereed limited
Funding Sources
Conference
CISRC '16
Acceptance Rates
CISRC '16 Paper Acceptance Rate 11 of 28 submissions, 39%;
Overall Acceptance Rate 69 of 136 submissions, 51%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 244Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 19 Nov 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in