No full-text available
To read the full-text of this research,
you can request a copy directly from the author.
The Challenges of Securing the Virtualized Environment
Abstract
As virtualization has become more popular, concern over the technology's security has grown. Traditional security techniques often don't work well with virtualization, so vendors are trying different approaches.
... Cloud computing creates a virtual platform of server operating systems and storage components. This will help the user because several machines will be provided simultaneously [3] [4]. The ability to share a single physical instance of a resource or program across several users is another benefit. ...
... "Virtual machines" is another name for this. On a single workstation, it necessitates installing a second instance-or numerous instances-of an operating system like Windows [3] [4]. By reducing the number of physical machines needed to run their software, this helps businesses reduce the amount of physical hardware needed. ...
... The ability to manage servers and apps as a single instance makes management easier in addition to load balancing. The fact that just one server is open to the public while the rest are protected by a reverse proxy network security appliance allows for increased network security [3] [4]. ...
... It can be virtual or physical. According to [15] housing multiple VMs into one host eliminates physical/hardware firewall and other traditional security mechanisms. Author explains having virtualization adds a virtual layer in the IT infrastructure in which traditional hardware firewall, intended for physical environments, lacks visibility which adds up to the network vulnerabilities. ...
... Hence, the virtual firewalls (VF) are used to secure VMs. VMM-level VF are discussed and implemented by [14], [15], [17], [18]. Source VMM-level VF provides security to VM before the migration incurs and the destination VMM-level VF starts securing VM after migration is completed. ...
... These resources can be dynamically provisioned to the users on demand via Internet. With virtualization benefits comes the need for virtual security [5], [15] and [35]. System virtualization is when a single physical host runs a number of VMs on it. ...
Cloud Computing (CC) uses virtualization to provide computing resources on demand via Internet. Small and large organizations benefit from CC because of reduced operating costs and increase in business agility. The migrating Virtual Machine (VM) is vulnerable from attacks such as fake migration initiations, service interruptions, manipulation of data or other network attacks. Hence, during live migration any security lax in VM firewall policy can put the VM at risk. A malicious VM can further pose threat to other VMs in its host and consequently for VMs in LAN. Hardware firewalls only protect VM before and after migration. Plus, they are blind to virtual traffic. Hence, virtual firewalls (VFs) are used to secure VMs. Mostly; they are deployed at Virtual Machine Monitor-level (VMM) under Cloud provider's control. Source VMM-Ievel VF provides security to VM before the migration incurs and the destination VMM-level VF starts securing VM after migration is completed. It thus, becomes possible for attacker to use the intermediate migrating window to launch attacks on VM. This research contributes towards providing understanding of having open source virtual firewall at VM-Ievel for migrating VMs to reduce attack window of VM during the migration. The final contribution is the validation and uptime evaluation of the implemented Packet Filter firewall for VM at VM-level during migration in City Network data center. Such an approach would enable hardened security for overall VM migration.
... The improvement of Information Society (IS) is connected to the modernization of contemporary information environment and make hyper-globalization not only in the trade [1], but in all network communications, including distributed access to the information resources and virtual environments [2], e-services [3,4], social media [5,6], cloud services [7,8], etc. This puts new requirements to the Information and Communication Technologies (ICT) for decision of the technological problems with information saving, dissemination, processing and protection [9,10]. ...
... On-line purchasing by Internet for Bulgarian persons and enterprisesThe social media occupies an important place in the network activities, because it is a complex of web-based and mobile technologies for interactive communications for sharing pictures, audio and video information, experience, etc. The social media2 Based on official information of National Statistical Institute of Bulgaria ensure access of people to network resources for creating, editing and complementing content, but this content will be accessed if it respects several standards. Here are some popular social media: the social networks (Google+, Facebook, LinkedIn, Pinterest, Friendster, MySpace, Black Planet, etc), blogs (Twitter, etc.), web sites for sharing video contents (YouTube, VBOX7, Flicker, etc.), Internet forums, wikiapplications, virtual social sites (Second Life) and virtual sites for games (World of Warcraft), etc.The social media have changed the understanding of communication via Internet and have created new dialog methods. ...
... Глобализацията и развитието на съвременното информационно общество (ИО) [1] води до повишена активност в Интернетпространството, което поставя на дневен ред въпроси, свързани с принципите за неприкосновеност на личния живот и защита на личните данни (ЛД) при достъп до отдалечени информационни ресурси [2,3], виртуални среди [4] и "облака" [5]. Това изисква при предоставяне на среди за отдалечен мултипотребителски достъп да се предвидят организационни и технически мерки за защита на предоставените от регистрираните потребители ЛД срещу тяхното неправомерно разпространение и използване за други цели, различни от обявените, както и строги правила за авторизация и автентификация [6,7]. ...
Proceedings of the International Scientific Conference UNITECH’13 (ISSN 1313-230X), 22-23 November 2013, pp. II-223 – II-228
... Fact is that social media and cloud computing give different opportunities for collaboration, information sharing, online communications, access to information and knowledge, etc. In other hand, some important problems for personal data protection of user's profiles and posted information could be determined [4,5,6], and these problems are object of serious discussion in the world [7,8]. ...
... This approach is essential for the data centers, where thousands of servers are used. According to [28], industrial organizations have built up 80% virtual infrastructure on their servers. In case of attack of the host server, the layer of the OS responsible for the virtualization is compromised. ...
Information security deals with protecting data and information in all of its forms. The information security topic has been an area of growing research and educational interest for years. Many universities started to incorporate security concepts in new or existing courses, following the recommendations of the ISO/IEC 27000 series of standards. Recently, a new CSES2017 curricula in cyber-security education was introduced.
The article presents its authors’ experience in delivering education in information security area through courses in several Bulgarian universities. The main topics and educational methods, covered by the courses are presented and some results are discussed.
... It gives organizations and people an opportunity to utilize and improve the use of their hardware by increasing the number and types of tasks that a single machine can handle [2]. Two significant benefits that can be provided in a virtualization environment are resource sharing, and isolation. ...
... attacks and data breaches [15,16]. Past research has to a large extent investigated means to provide adequate information privacy and ensure information security for genome data in CC environments [e.g., 8,14,17]. ...
The adoption of cloud services in genomics is often accompanied by information privacy and information security concerns. While specific infor- mation privacy and information security requirements are recognized to vary de- pending on the underlying genome data sets’ sensitivity, extant research has mostly taken a maximum effort approach to the protection of genome data in cloud computing environments. In this paper, we employ the method of Nicker- son et al. to develop a taxonomy of genome data sets that can aid interested re- searchers in deciding whether to store and process their genome data in the cloud. Our taxonomy consists of the ten dimensions (1) Organism, (2) Access, (3) Iden- tifiable, (4) File size, (5) Processing requirements, (6) Transfer requirements, (7) Mutable, (8) API access, (9) Software availability, and (10) Use restriction. Anal- ysis of our taxonomy and data set classifications from a cloud computing per- spective highlights the existence of diverse factors and contextual influences be- yond just privacy and security concerns that can motivate or discourage cancer genomics researchers to move their genome data to the cloud.
... After compiling content_renderer_executable, an independently compiled Render Process as an executable program is obtained. 4. Run the executable in container. ...
In this paper, firstly we propose a novel architecture called DBCSUEE to adapt embedded Chromium browser with Docker container virtualization as its sandboxing mechanism to isolate processes. Using this kind of container-level virtualization in browsers guarantees web applications operate in a secure environment, and gives the browser a more efficient resource management scheme applicable to multi-application situation. Secondly, when implementing the scheme, communication among applications running in their own containers becomes a problem and needs to be solved. Chromium's existing inter-process communication mechanism cannot be used. Thus, we propose a new communication scheme based on named pipe, which allows two web applications to communicate with each other without closing their containers.
... One of the virtualization security challenges faces cloud system is a lack of VM protection, because multiple VMs located on the same computer, you cannot put a hardware protection device such as a firewall between them. Another challenge is due to a dynamic environment where VMs are created, terminated, or moved to another place automatically, which make very hard to monitor traffic and determine if the attack is accruing [32]. ...
Cloud computing brings for higher educational institution a wide range of benefits with new capabilities to incorporate in the educational process. However, the cloud services are vulnerable to a variety of security challenges. One of the key challenges that educational institutions face in adopting cloud computing technologies is a provisioning of a secure cloud infrastructure. In this paper, the authors discover some cloud benefits in the education sector and discuss limitations of main cloud services as well as highlight security challenges that institutions face when utilizing cloud technologies. The survey was conducted in variety educational institutions to study the views of stakeholders on the cloud security vulnerabilities and approaches used to overcome. Finally, this paper provides baseline recommendations to avoid security risks efficiently when adopting cloud computing in institutions of higher education.
... The modernization and the improvement of the Information Society (IS) determine new requirements to the contemporary information and communication technologies (ICT) for solution of different problems with globalization [1], remote access to information resources and cloud computing [2], distributed information servicing and virtual environments [3] and determination of adequate information security policy in enterprises [4]. Social networks and social media should be included in this group too because the contemporary ICT permit extension of social relationships and confirmation of the field "social computing" connected with building of networks of web sites (MySpace, Facebook, Twitter, XING, LinkedIn, YouTube, Pinterest, Foursquare, Newshub, e-Britanica, etc.) [5]. ...
The Information Society has created different possibilities for remote access to distributed information resources and communications between users (virtual environments, cloud services, social media, etc.). All these aspects of the globalization make users create their own profile with personal data and publish personal information. Are this data protected in a reliable way? This is an important question that every user should ask oneself. The answer is related to the privacy and the principles of personal data protection. The main goal of this article is to discuss the challenges of social media for data protection as a component of privacy. In this reason a brief review of social media is made and a formal description of global communications by using discrete structures is proposed. Main principles of personal data protection are presented on the base of organizational scheme, life cycle and data protection policy in the frame of security policy and in particular related to the information and communication security policy.
... The digital world consists of different components accessed and used by individuals, public institution and business organizations. The traditional part of these components helps users to obtain some new knowledge based on interactive communications (web-environments with a large collection of contents, distributed specialized information resources, tools for virtual reality, etc.) (Garber, 2012). This part should be extended by opportunities of cloud environments and data centers (using remote resources as a services) (Chen&Zhao, 2012), social media and Web 2.0 (tools that permit collaboration and sharing of information and knowledge between large set of users) (Kinast&Partner, 2014), distributed environments for online/distance learning (using and sharing learning content and organize the collaboration on the base of specific interests) (Yong Chen & Wu He, 2013), Massive Open Online Courses (MOOCs) that many educational institutions apply (the tendency is that MOOCs will change the higher education in the next years (Mayer&Zhu, 2013). ...
The contemporary digital world based on the global network proposes different opportunities for remote access to distributed environments and shared information, dissemination of specific content, communication between real or virtual users, using cloud services, implementation social contacts, etc. Many of these activities are connected to creation of personal profiles and uploading personal data but it is not known the policy of privacy protection. The article discusses some challenges of digital world (particular of social computing) for personal data protection as a main part of the privacy. The special features of social computing and its components are discussed, the fundamental principles of data protection organization are presented and problems for personal data protection are summarized.
... All communications, information sharing and remote access to different resources (including system functionality and distributed data) set up one fully integrated world [1] based on contemporary information and communication technologies (ICT) determining new point of view for the world economy and public relations as activities based on services [2]. All new opportunities of globalization could have a negative effect on digital privacy and this is valid for all components of Information Society as virtual environments [3], distributed and online learning [4], [5], cloud computing [6], [7], [8], mobile communications [9], [10], social computing [11], [12], [13], etc. Using and sharing distributed information (audio, video, pictures, personal profiles, etc.), exchanging data between users at different places in the world, accessing network resources (web applications, sites, data centers, etc.) could cause risk for the privacy and personal data protection (PDP) of individuals. ...
Contemporary Information Society proposes variety of opportunities for communication between users (social networks & social media), different activities and services (cloud computing and mobile cloud computing), sharing information and remote access to distributed resources (blogs & microblogs, data centres, etc.). These functionalities are the fundament for the realization of the contemporary globalized world, but they could have a negative effect on the privacy of the individuals. It is a fact that before accessing any information it is necessary to upload required personal data, but the following question arises: “Does these data correspond to the goal of personal data processing and what kind of organizational and technical measures for data protection are implemented?”. This is an important question which every user must ask him/herself before using any Web application. In this aspect the article discusses some main principles of personal data protection (PDP), challenges for the PDP due to the globalization and new regulations on European level for improving the contemporary rules and measures for personal data processing in the digital world.
... It permits virtual environments development, ensuring interactive communications (web-environments with a large collection of contents, distributed specialized information resources, tools for virtual reality, etc.). These components create challenges for information security [1] and privacy protection [2]. These opportunities should be extended by cloud computing and data centers [3,4] which propose remote access to information and system resources based on services. ...
This article discusses organization of an extended subsystem for information security which is accomplished with analysis of cloud computing and data centers used by business to store corporative information resources. It is pointed out that the IT security policy should apply adequate technical and organizational measures for personal data protection and managing access rights to all resources in the business information environment. Basic principles of data protection as a part of information security policy in a corporation are presented and a general architecture of corporative security subsystem is proposed. A formalization by using discrete graph structure is made and main procedures for secure access to 3 types of resources (public, private internal and private external) are determined. The Petri nets (PN) apparatus for modeling of secure access processing is used. For the purposes of investigation an analytical definition of model is presented and evaluation of some characteristics is made.
... Contemporary digital word proposes different opportunities for creating virtual environments, remote access to web objects, sharing information, social communication, etc. which make connectivity between people easy and fasts. At the same timethe variety of Web and mobile applications requires higher level of data privacy and information security [1,2]. The cloud computing has different advantages including organizing business processes by using cloud services and importing corporative data in data centres. ...
This article discusses several core aspects of security system organization which are able to guarantee efficient protection of corporative resources. These resources could be stored in a common case as an internal subsystem. Recently many enterprises prefer to store them in data centres relying on cloud services. Nevertheless which one of these two approaches will be applied strong procedures for corporative information security and personal data protection must be defined. In order to investigate security procedures for accessing and using business information in a corporative system the article deals with formalization of the processes by using data flow diagram and modelling by Petri Nets (PN) apparatus (in the stochastic extension). An analytical evaluation of the results is carried out and calculated assessments for a case study are given.
... Access to genomic data is accompanied with personal, social, professional, financial, and insurance-related risks (Shoenbill et al., 2014). Although CC providers are typically able to make larger investments in security than average research facilities and may thus provide increased levels of information security (Dove et al., 2015), inherent characteristics of CC also offer new vectors for attacks and data breaches (Garber, 2012, Nanavati et al., 2014, Sunyaev and Schneider, 2013. Thus, protection of information security and privacy in GCS is an often-voiced concern (Dalpé and Joly, 2014, Dove et al., 2015, Schatz et al., 2010. ...
Most extant genomic cloud services strive to maximize information security and information privacy protection thereby neglecting the diversity of information practices in genomic research. Such a one- size-fits-all approach is not expedient and decreases the overall system usability and performance. While there is growing awareness that employed information security and information privacy measures must adapt to information security and information privacy requirements inherent to infor- mation practices, limited design knowledge exists on how to actually design genomic cloud services capable to account for differences in information practices in genomic research. In this research-in- progress, we propose a model for genomic cloud services that dynamically adapt to the diverse infor- mation security and information privacy requirements in genomic research. Our research contributes to the scientific knowledge base by capturing design knowledge for secure, privacy-preserving, and usable genomic cloud services, accounting for conflicts between information security and information privacy, and fostering understanding of information privacy as a context-sensitive construct.
... This is especially important from the point of view of critical infrastructure systems. Modern security systems are based mainly on systems IPS and IDS [1][2][3][4] often built in the topology of the demilitarized zone. Their Fig. 1 shows the classification of method used to anomaly detection. ...
This article presents a new approach for detecting anomalies in the computer network. The approach is based on the determination of the network traffic statistical parameters in case of normal condition. When network anomaly happens, usually more than one statistical parameter is change. A set of parameters that have changed can be used to identify threats. Currently, anomaly detection mechanisms used in the network traffic are computationally complex and cannot be used in case of high speed connection. The presented method does not guarantee the anomaly identification but can be used as one of the indicators used for the isolation of suspicious flows (through ongoing modifications the routing or switching rules). Separated flow is subjected to further analysis with use of classical methods for anomaly detection. With this approach it is possible to make a rough anomaly identification in the core of high speed computer network.
... Most of the recent works related to security issues refer to the access control mechanisms within VMs and the hypervisor, and reflect typical (office) domains of VM usage. A good general view of the security concerns is presented in [14] and [15]. VMspecific threats are mentioned in [16] and [17]. ...
Industrial applications become more and more distributed. The ?intelligence? is embedded in smaller and smaller devices connected via various types of computer and communication networks. This is possible due to the strong development of processing infrastructure as well as information and interconnection technologies. As a result, systems simply get ?smarter,? both from the user?s and developer's point of view. The industrial networks are the only means being able to deliver local and remote communication services in real time. Control functionalities are delivered by algorithms implemented in the form of programs executed within system nodes. These briefly presented paradigms represent a typical model of an automation system that is designed and used as a separate part of factory IT structures. A more interesting aspect of distribution is the scattering of functional parts of the system and the virtualization of its instances, especially with isolation from actual devices during the design process.
... Most of the recent works related to security issues refer to the access control mechanisms within VMs and the hypervisor, and reflect typical (office) domains of VM usage. A good general view of the security concerns is presented in [14] and [15]. VMspecific threats are mentioned in [16] and [17]. ...
Virtualization theory is well known and successfully used in the computer domain. Personal computer (PC) workstations, as well as their virtual counterparts, are popular for general purposes. PC stations are also popular in networked control systems (NCSs). They are used as system components to deliver user interfaces and to run many important services of the data processing, communication, and database type. In this paper, the usage of virtual PC machines (VMs) is considered in the context of interoperability with NCS. This specific application area requests answers whether virtualization is applicable and secure, and what are the expectations from the temporal characteristics of running services.
... The virtualization of industrial controller functionality (PLC-as-a-service) [9] could be a promising approach. Though, some inherent challenges such as accessibility and security needs to be addressed for industrial automation applications [4]. In the presence of a comprehensive resource distribution policy, multiple instances of virtual PLCs can be created and allocated to control underlying physical subsystems [10]. ...
Cloud computing has recently emerged as a new computing paradigm in many application areas comprising office and enterprise systems. It offers various solutions to provide a dynamic and flexible infrastructure to host computing resources and deliver them as a service on-demand. Since industrial automation systems of the future have to be adaptable and agile, cloud computing can be considered as a promising solution for this area. However, the requirements of industrial automation systems differ significantly from the office and enterprise world. In this paper we describe a case study that implements a concept of PLC as a service within a cloud based infrastructure and provides a performance evaluation with respect to legacy PLCs.
... However, even if PHS do not explicitly access personal, medical information of users, sole observation of users' behavior can lead to privacy infractions (Slamanig and Stingl 2008). Characteristics of cloud computing like multitenancy (i.e., deployment of service instances of different organizations on the same physical host) introduce new information security and privacy challenges that need to be addressed (Garber 2012;Song et al. 2012;Subashini and Kavitha 2011;Yau and An 2011). Patients deem access to health information and related services beneficial, but they are concerned with information security and privacy issues and want to control access to their information (Pyper et al. 2004;Simon et al. 2009). ...
Patient-centered health information technology services (PHS) provide personalized electronic health services to patients. Since provision of PHS entails handling sensitive medical information, a special focus on information security and privacy aspects is required. We present information security and privacy requirements for PHS and examine how security features of large-scale, inter-organizational health
information technology networks, like the German health information technology infrastructure (HTI), can be used for ensuring information security and privacy of PHS. Moreover, we illustrate additional security measures that complement the HTI security measures and introduce a guideline for provision of PHS while ensuring information security and privacy. Our elaborations lead to the conclusion that security features of
health information technology networks can be used to create a solid foundation for protecting information security and privacy in patient-centered health information technology ser vices offered in public networks like the Internet.
... Characteristics of cloud computing like multitenancy (i.e. deployment of service instances of different organizations on the same physical host) introduce further security challenges to the security-sensitive field of health IT which need to be addressed [18,38,39,40,42,44,47,53]. Hence, establishment of a foundation for PHS information security and privacy requirements engineering is an important step towards secure provision of PHS. ...
Patients increasingly want to access health information and services via tailored patient-centered
health IT services (PHS). PHS produce value by managing, assessing, and working on users’ sensitive
personal health information and leverage benefits of supporting technologies like cloud computing or
mobile information and communication technology. Thus, information security and privacy is highly
relevant for the development, deployment, and assessment of PHS. To ease PHS requirements
engineering and contribute to the mastering of arising information security and privacy challenges, we derive PHS information security and privacy requirements. With our research we contribute to the scientific
knowledge base by illustrating PHS information security and privacy requirements and providing a foundation for PHS requirements development, which represents a fundamental part of software engineering. For practice-oriented audiences, this research can serve as introduction to PHS and offers a foundation and guide for secure and privacy-ensuring development and deployment of PHS.
This draft discusses the features and functions that the Internet must support in order to be as robust and trustworthy as the public switched telephone network (PSTN, http://en.wikipedia.org/wiki/ Public_switched_telephone_network). In general the PSTN-like features and functions include verifiable addressing and numbering, higher privacy and security, increased reliability (no more than around five minutes of unplanned outage over one year time period), survivability and resiliency, desirable level of scalability, alarms, correlation, and diagnosis capability, and local/international level of accountability. Incorporation of these (or similar) features are expected to harden the Internet.
Cloud computing has recently emerged as a new computing paradigm in many application areas comprising office and enterprise systems. It offers various solutions to provide a dynamic and flexible infrastructure to host computing resources and deliver them as a service on demand. Since industrial automation systems of the future have to be active and adaptable, cloud computing can be considered as a promising solution for this area. In this paper, the aim is to introduce an initial framework for applying cloud computing solutions to industrial automation systems. Our work is based on translating our experience in networked control systems (NCS), industrial control theory and computing theory to propose an architecture for cloud-based industrial automation systems. Albeit this architecture proposal is initial and limited to abstract models for wide class of practical systems, this work aims to analyze related issues and assess possible avenues towards continuing cloud-based control system design.
Application whitelisting software allows only examined and trusted applications to run on user’s machine. Since many malicious files don’t require administrative privileges in order for them to be executed, whitelisting can be the only way to block the execution of unauthorized applications in enterprise environment and thus prevent infection or data breach. In order to assess the current state of such solutions, the access to three whitelisting solution licenses was obtained with the purpose to test their effectiveness against different modern types of ransomware found in the wild. To conduct this study a virtual environment was used with Windows Server and Enterprise editions installed. The objective of this paper is not to evaluate each vendor or make recommendations of purchasing specific software but rather to assess the ability of application control solutions to block execution of ransomware files, as well as assess the potential for future research. The results of the research show the promise and effectiveness of whitelisting solutions.
This paper identifies the causes of privacy concerns which emerged when an educational institution launched an automated proctoring technology to examine E-Learners. In the modern era of information, privacy is an integral concern due to its fluid, dynamic and complex nature. In certain situations where it is very difficult to understand the privacy concerns, privacy is often misunderstood by the interactive systems designers. The qualitative data in this research was collected using content analysis approach from 120 online bloggers and useful insights were found; those that pertained to the privacy concerns for E-Learners. The findings revealed both practical and theoretical implications for both the institutions offering online courses and organization designing tools for proctoring.
Virtual Machines hosted in cloud systems are susceptible to migration usually without notifying the cloud consumer. This is generally undertaken to load balance user requests across multiple data centres, often without direct awareness of the user. Migration could be to a regional site or to a data centre in another geographical area, i.e. to a country which has non-conforming laws with regards to data privacy. This concern becomes even more significant when a cloud federation is considered, where a number of different providers may need to work together. It is therefore necessary to develop a mechanism that enables a user to detect if migration of a VM has happened. More importantly, such a mechanism should be user driven and not require input from a provider. We compare various techniques to enable a VM migration to be detected, by monitoring events inside a VM that could signify whether such a migration has taken place, and subsequently notifying the owner about such an event. A review of migration detection techniques is presented followed by the proposition of a hybrid model to carry out the migration detection process.
The cloud computing concept has significantly influenced how information is delivered and managed in large scale distributed systems today. Cloud computing is currently expected to reduce the economic cost of using computational and data resources, and is therefore particularly appealing to small and medium scale companies (who may not wish to maintain in-house IT departments). To provide economies of scale, providers of Cloud computing infrastructure make significant use of virtualisation techniques – in which processes of various tenants sharing the same physical resources are separated logically using a hypervisor. In spite of its wide adoption in Cloud computing systems, virtualisation technology suffers from many security and privacy issues. We outline security challenges that remain in the use of virtualisation techniques to support multiple customers on the same shared infrastructure. We also illustrate, using an experiment, how data leakage occurs when multiple VMs are executed on the same physical infrastructure, leading to unauthorised access to (previously) deleted data.
While there are a variety of existing virtual machine introspection (VMI) techniques, their latency, overhead, complexity and consistency trade-offs are not clear. In this work, we address this gap by first organizing the various existing VMI techniques into a taxonomy based upon their operational principles, so that they can be put into context. Next we perform a thorough exploration of their trade-offs both qualitatively and quantitatively. We present a comprehensive set of observations and best practices for efficient, accurate and consistent VMI operation based on our experiences with these techniques. Our results show the stunning range of variations in performance, complexity and overhead with different VMI techniques. We further present a deep dive on VMI consistency aspects to understand the sources of inconsistency in observed VM state and show that, contrary to common expectation, pause-and-introspect based VMI techniques achieve very little to improve consistency despite their substantial performance impact.
Recreational fishers are increasingly competing for space and resources with commercial fishers worldwide, but have been poorly studied. In particular, the impacts of spearfishing competitions on the temperate fish assemblages have seldom been analysed. In Galicia (NW Spain), there are currently 5000 spear fishers, and 500 of them participate in spearfishing competitions. An historic archive of spearfishing competitions was used to assess their influence on the subsequent competitions in the area and to analyse their effect on the fish abundances estimated by underwater visual censuses. The annual recreational catch of the spear fishers was also estimated and comparisons with the commercial landings were performed. The spear fishers targeted 29 species, although six accounted for 95% of the catch. Most of the species show low vulnerabilities to fishing pressure and only Dicentrarchus labrax, among frequently caught species, can be considered as moderately vulnerable. The overall impact of spearfishing competitions on fish populations was limited, although some competitions temporarily reduced the abundances of Labrus bergylta, the main target species, by up to 83%. Spear fishers caught a large proportion of the total catch of common species, with recreational catches of some species (e.g. L. bergylta) matching or exceeding the commercial catch. The inclusion of this fishery in the management models of the coastal ecosystems is strongly recommended.
While there are a variety of existing virtual machine introspection (VMI) techniques, their latency, overhead, complexity and consistency trade-offs are not clear. In this work, we address this gap by first organizing the various existing VMI techniques into a taxonomy based upon their operational principles, so that they can be put into context. Next we perform a thorough exploration of their trade-offs both qualitatively and quantitatively. We present a comprehensive set of observations and best practices for efficient, accurate and consistent VMI operation based on our experiences with these techniques. Our results show the stunning range of variations in performance, complexity and overhead with different VMI techniques.We further present a deep dive on VMI consistency aspects to understand the sources of inconsistency in observed VM state and show that, contrary to common expectation, pause-and-introspect based VMI techniques achieve very little to improve consistency despite their substantial performance impact.
Aiming at the problem that virtual machine information cannot be extracted incompletely, we extend the typical information extraction model of virtual machine and propose a perception mechanism in virtualization system based on storage covert channel to overcome the affection of the semantic gap. Taking advantage of undetectability of the covert channel, a secure channel is established between Guest and virtual machine monitor to pass data directly. The Guest machine can pass the control information of malicious process to virtual machine monitor by using the VMCALL instruction and shared memory. By parsing critical information in process control structure, virtual machine monitor can terminate the malicious processes. The test results show that the proposed mechanism can clear the user-level malicious programs in the virtual machine effectively and covertly. Meanwhile, its performance overhead is about the same as that of other mainstream monitoring mode.
ResearchGate has not been able to resolve any references for this publication.