Project Goal: To build an infrastructure for providing a rich set of security services that are based on the secure foundation of virtualization infrastructure. Specifically, this project aims at ensuring safe introspection API's and based on it, integrity protection of critical resources, deployment of in-partition agents, and cross platform support.
Virtualization enables
On-demand, centralized security services
Centralization (reduced security footprint, sharing of knowledge)
Isolation (improve the tamper-resistance of solutions)
Visibility (examine virtual networks and virtual machines)
Scalability (grow/shrink security footprint based on load)
Advanced Remediation (integrate with infrastructure APIs)
Reduction of security sprawl across virtual infrastructures
Use case: Anti-Rootkit System based on Virtual Machine
Introspection
Use case summary: A protected Security virtual machine (SVM)
uses virtual machine introspection to monitor
critical OS data structures in guests for
changes made by rootkits and other types
of malware. We develop the Anti-Rootkit System
in collaboration with the IBM Zurich Research Lab.
Exemplary attack scenario:
|
 |
Publications:
Cloud Security Is Not (Just) Virtualization
Security. Mihai Christodorescu, Reiner Sailer,
Douglas Schales, Daniele Sgandurra, Diego
Zamboni. The 1st ACM Cloud Computing Security
Workshop. November, 2009. Paper on ACM Server.
This paper also has drawn some attention
in the press:
Technology Review: Self-Policing Cloud Computing: IBM security
tool searches for and destroys malicious
code in the cloud. Friday, November 20, 2009. By David Talbot.