Security Architecture for Virtual Machines

  • Udaya Tupakula
  • Vijay Varadharajan
  • Abhishek Bichhawat
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7016)


We propose security architecture based on virtual machine monitor to efficiently deal with attacks on virtual machines. We will show that our model is capable of detecting suspicious processes running in the virtual machine, can detect and prevent different types of attacks including zero day attacks by monitoring the virtual machine traffic and the processes that are generating or receiving the traffic. The architecture also makes use of sharing information about the suspicious behaviour among multiple Intrusion detection systems deployed in different virtual machine monitors. We describe the implementation of the proposed architecture and present a detailed analysis of how our architecture can be used to detect zero day attacks.


Virtual Machine Monitors Intrusion Detection hidden processes 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the Slammer worm. IEEE, Security & Privacy 1(4), 33–39 (2003)CrossRefGoogle Scholar
  2. 2.
    Shin, S., Gu, G.: Conficker and Beyond: A Large-Scale Empirical Study. In: 26th Annual Computer Security Applications Conference, Austin, Texas, USA, December 6-10, pp. 151–160. ACM, New York (2010)Google Scholar
  3. 3.
    Smith, J.E., Nair, R.: The architecture of virtual machines. Computer 38(5), 32–38 (2005)CrossRefGoogle Scholar
  4. 4.
    Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: 10th Network and Distributed System Security Symposium, California. Internet Society, USA (2003)Google Scholar
  5. 5.
    Jones, S., Arpaci-Dusseau, A., Arpaci-Dusseau, R.: VMM-based Hidden Process Detection and Identification using Lycosid. In: 4th International Conference on Virtual execution environments, Seattle, WA, March 5-7, pp. 91–100. ACM SIGPLAN/SIGOPS, USA (2008)Google Scholar
  6. 6.
    Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P.: Vigilante: End-to-End containment of Internet Worms. In: Proceedings of the 20th ACM symposium on Operating systems principles, SOSP 2005, Brighton, UK, October 23-26, pp. 133–147. ACM, New York (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Udaya Tupakula
    • 1
  • Vijay Varadharajan
    • 1
  • Abhishek Bichhawat
    • 2
  1. 1.Information & Networked Systems Security Research, Department of Computing, Faculty of ScienceMacquarie UniversitySydneyAustralia
  2. 2.Department of Electronics and Computer EngineeringIIT RoorkeeIndia

Personalised recommendations