The Journal of Supercomputing

, Volume 66, Issue 3, pp 1133–1151 | Cite as

A VMM-based intrusion prevention system in cloud computing environment

  • Hai Jin
  • Guofu Xiang
  • Deqing Zou
  • Song Wu
  • Feng Zhao
  • Min Li
  • Weide Zheng


With the development of information technology, cloud computing becomes a new direction of grid computing. Cloud computing is user-centric, and provides end users with leasing service. Guaranteeing the security of user data needs careful consideration before cloud computing is widely applied in business. Virtualization provides a new approach to solve the traditional security problems and can be taken as the underlying infrastructure of cloud computing. In this paper, we propose an intrusion prevention system, VMFence, in a virtualization-based cloud computing environment, which is used to monitor network flow and file integrity in real time, and provide a network defense and file integrity protection as well. Due to the dynamicity of the virtual machine, the detection process varies with the state of the virtual machine. The state transition of the virtual machine is described via Definite Finite Automata (DFA). We have implemented VMFence on an open-source virtual machine monitor platform—Xen. The experimental results show our proposed method is effective and it brings acceptable overhead.


Grid computing Cloud computing Virtualization Intrusion prevention File integrity 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Foster I, Kesselman C, Tuecke S (2001) The anatomy of the grid: enabling scalable virtual organizations. Int J High Perform Comput Appl 15:200–222 CrossRefGoogle Scholar
  2. 2.
    Armbrust M, Fox A, Griffith R, Joseph AD, Katz RH, Konwinski A, Lee G (2009) Above the clouds: a Berkeley view of cloud computing. Technical report, Electrical Engineering and Computer Sciences, University of California at Berkeley Google Scholar
  3. 3.
    Buyya R, Yeo CS, Venugopal S (2008) Market-oriented cloud computing: vision, hype, and reality for delivering IT services as computing utilities. In: 10th IEEE international conference on high performance computing and communications. IEEE, Washington, pp 5–13 Google Scholar
  4. 4.
    Rosenblum M, Garfinkel T (2005) Virtual machine monitors: current technology and future trends. IEEE Comput 38:39–47 CrossRefGoogle Scholar
  5. 5.
    Smith JE, Nair R (2005) The architecture of virtual machines. IEEE Comput 38:32–38 CrossRefGoogle Scholar
  6. 6.
    Adams K, Agesen O (2006) A comparison of software and hardware techniques for x86 virtualization. In: 12th international conference on architectural support for programming languages and operating systems. ACM, California, pp 2–13 CrossRefGoogle Scholar
  7. 7.
    Garfinkel T, Rosenblum M (2005) When virtual is harder than real: security challenges in virtual machine based computing environments. In: 10th workshop on hot topics in operating systems. IEEE, Santa Fe, pp 20–25 Google Scholar
  8. 8.
    Machado RB, Boukerche A, Sobral JBM, Juca KRL, Notare MSMA (2005) A hybrid artificial immune and mobile agent intrusion detection based model for computer network operations. In: 19th IEEE international parallel and distributed processing symposium. IEEE, Denver, pp 191–198 CrossRefGoogle Scholar
  9. 9.
    Kim GH, Spafford EH (1994) The design and implementation of tripwire: a file system integrity checker. In: 2nd ACM conference on computer and communications security. ACM, Fairfax, pp 18–29 Google Scholar
  10. 10.
    Chrun D, Cukier M, Sneeringer G (2008) Finding corrupted computers using imperfect intrusion prevention system event data. In: Computer safety reliability, and security, vol 5219, pp 221–234 CrossRefGoogle Scholar
  11. 11.
    Jin H, Xiang G, Zhao F, Zou D, Li M, Shi L (2009) VMFence: a customized intrusion prevention system in distributed virtual computing environment. In: 3rd international conference on ubiquitous information management and communication. ACM, Suwon Google Scholar
  12. 12.
    Barham P, Dragovic B, Fraser K, Harris SHT, Ho A, Neugebauer R, Pratt I, Warfield A (2003) Xen and the art of virtualization. In: 19th ACM symposium on operating systems principles. ACM, New York, pp 164–177 Google Scholar
  13. 13.
    Pratt I, Fraser K, Hand S, Limpach C, Warfield A, Magenheimer D, Nakajima J, Mallick A (2005) Xen 3.0 and the art of virtualization. In: 2005 Linux symposium. USENIX, Ottawa, pp 65–77 Google Scholar
  14. 14.
    Chisnall D (2007) The definite guide to the Xen hypervisor. Prentice Hall, New York Google Scholar
  15. 15.
    Gelsinger PP (2001) Microprocessors for the new millennium: challenges, opportunities, and new frontiers. In: 45th international solid state circuits conference. ACM, San Francisco, pp 22–35 Google Scholar
  16. 16.
    Intel Staff. Intel 64 and IA-32 architectures software developer’s manuals. Intel Corporation, November 2008 Google Scholar
  17. 17.
    AMD Staff. AMD64 architecture programmer’s manual. AMD Corporation, September 2007 Google Scholar
  18. 18.
    Dunlap GW, King ST, Cinar S, Basrai M, Chen PM (2002) Revirt: enabling intrusion analysis through virtual machine logging and replay. In: 5th symposium on operating systems design and implementation. USENIX, Boston, pp 211–224 CrossRefGoogle Scholar
  19. 19.
    Garfinkel T, Rosenblum M (2003) A virtual machine introspection based architecture for intrusion detection. In: 10th network and distributed system symposium. IEEE, San Diego, pp 191–206 Google Scholar
  20. 20.
    Joshi A, King ST, Dunlap GW, Chen PM (2005) Detecting past and present intrusions through vulnerability-specific predicates. In: 20th ACM symposium on operating systems principles. ACM, Brighton, pp 1–15 Google Scholar
  21. 21.
    Kourai K, Chiba S (2005) HyperSpector: virtual distributed monitoring environments for secure intrusion detection. In: 1st ACM/USENIX international conference on virtual execution environments. ACM, Chicago, pp 197–207 CrossRefGoogle Scholar
  22. 22.
    Pennington AG, Strunk JD, Griffin JL, Soules CAN, Goodson GR, Ganger GR (2003) Storage-based intrusion detection: watching storage activity for suspicious behavior. In: 12th USENIX security symposium. USENIX, Washington, pp 1–15 Google Scholar
  23. 23.
    Patil S, Kashyap A, Sivathanu G, Zadok E (2004) I3FS: an in-kernel integrity checker and intrusion detection file system. In: 18th USENIX large installation system administration conference. USENIX, Atlanta, pp 67–78 Google Scholar
  24. 24.
    Quynh NA, Takefuji Y (2007) A novel approach for a file-system integrity monitor tool of Xen virtual machine. In: 2nd ACM symposium on information, computer and communications security. ACM, Singapore, pp 194–203 Google Scholar
  25. 25.
    Bovet DP, Cesati M (2005) Understanding the Linux kernel, 3rd edn. O’Reilly, Sebastopol Google Scholar
  26. 26.
    VMware Home Page.
  27. 27.
  28. 28.
    OSSEC Home Page.
  29. 29.
    Snort Home Page.

Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  • Hai Jin
    • 1
  • Guofu Xiang
    • 1
  • Deqing Zou
    • 1
  • Song Wu
    • 1
  • Feng Zhao
    • 1
  • Min Li
    • 1
  • Weide Zheng
    • 1
  1. 1.Services Computing Technology and System Lab, Cluster and Grid Computing Lab, School of Computer Science and TechnologyHuazhong University of Science and TechnologyWuhanChina

Personalised recommendations