A4 Peer-reviewed article in conference proceedings

Virtual Machine Introspection based Cloud Monitoring Platform




Authors: Samuel Laurén, Ville Leppänen

Editors: Boris Rachev, Angel Smrikarov

Established conference name: International Conference on Computer Systems and Technologies

Place of publication: New York, NY

Publication year: 2018

Title of the compilation: CompSysTech'18: 19th International Conference on Computer Systems and Technologies

Series name: ICPS: ACM International Conference Proceeding Series

Number in series: 1641

First page: 104

Last page: 109

ISBN: 978-1-4503-6425-6

DOI: https://doi.org/10.1145/3274005.3274030

Web address: https://dl.acm.org/citation.cfm?id=3274030


Abstract


Virtual Machine Introspection (VMI) is an emerging family of techniques
for extracting data from virtual machines without the use of active
monitoring probes within the target machines themselves. In VMI-based
systems, the data is collected at the hypervisor level by analyzing the
state of virtual machines. This has the benefit of making collection
harder to detect and block by malware as there is nothing in the machine
indicating that monitoring is taking place.

In this paper we present Nitro Web, a web-based monitoring
system for virtual machines that uses virtual machine introspection for
data collection. The platform is capable of detecting and visualizing
system call activity taking place within virtual machines in real-time.

The secondary purpose of this paper is to offer an introduction to the
Nitro virtual machine introspection framework that we have been involved
in developing. In this paper, we reflect on how the Nitro Framework can be
used for building applications making use of VMI data.





Last updated on 2024-26-11 at 21:19