Slick
Author: | Bacs, A., Giuffrida, C., Grill, B., Bos, H.J., Ossowski, Sascha |
---|---|
Contributors: | Ossowski, Sascha, Computer Systems, Network Institute, Systems and Network Security |
Year of publication: | 2016 |
Subject: |
0301 basic medicine; Computer science; 0211 other engineering and technologies; Cloud computing; 02 engineering and technology; Intrusion detection system; Storage virtualization; computer.software_genre; Host-based intrusion detection system; 03 medical and health sciences; Server; Overhead (computing); Intrusion detection; SDG 7 - Affordable and Clean Energy; Virtual storage; 021110 strategic defence & security studies; business.industry; Hypervisor; Virtualization; 030104 developmental biology; Bootkit detection; Operating system; Intrusion prevention system; business; computer |
Source: | SAC. Bacs, A, Giuffrida, C, Grill, B & Bos, H J 2016, Slick: An Intrusion Detection System for Virtualized Storage Devices. In S Ossowski (ed.), Proceedings of the 31st Annual ACM Symposium on Applied Computing, Pisa, Italy, April 4-8, 2016. ACM, pp. 2033-2040. https://doi.org/10.1145/2851613.2851795 |
Description: | Cloud computing is rapidly reshaping the server administration landscape. The widespread use of virtualization and the increasingly high server consolidation ratios, in particular, have introduced unprecedented security challenges for users, increasing the exposure to intrusions and opening up new opportunities for attacks. Deploying security mechanisms in the hypervisor to detect and stop intrusion attempts is a promising strategy to address this problem. Existing hypervisor-based solutions, however, are typically limited to very specific classes of attacks and introduce exceedingly high performance overhead for production use. In this paper, we present Slick (Storage-Level Intrusion ChecKer), an intrusion detection system (IDS) for virtualized storage devices. Slick detects intrusion attempts by efficiently and transparently monitoring write accesses to critical regions on storage devices. The low-overhead monitoring component operates entirely inside the hypervisor, with no introspection or modifications required in the guest VMs. Using Slick, users can deploy generic IDS rules to detect a broad range of real-world intrusions in a flexible and practical way. Experimental results confirm that Slick is effective at enhancing the security of virtualized servers, while imposing less than 5% overhead in production. |
Database: | OpenAIRE |
External link: |