Featured Research

from universities, journals, and other organizations

Ability to detect malware in cloud-computing systems improved

Date:
September 21, 2010
Source:
North Carolina State University
Summary:
Researchers have developed new software that offers significantly enhanced security for cloud-computing systems. The software is much better at detecting viruses or other malware in the "hypervisors" that are critical to cloud computing, and does so without alerting the malware that it is being examined.

Researchers from North Carolina State University have developed new software that offers significantly enhanced security for cloud-computing systems. The software is much better at detecting viruses or other malware in the "hypervisors" that are critical to cloud computing, and does so without alerting the malware that it is being examined.

Related Articles


Cloud computing is being hailed as a flexible, affordable way of offering computer resources to consumers. Under the cloud-computing paradigm, the computational power and storage of multiple computers is pooled, and can be shared by multiple users. But concerns exist about hackers finding ways to insert malware into cloud computing systems. A new program called HyperSentry, developed by researchers at NC State and IBM, should help allay those fears.

HyperSentry is security software that focuses on protecting hypervisors in virtual computing clouds. Hypervisors are programs that create the virtual workspace that allows different operating systems to run in isolation from one another -- even though each of these systems is using computing power and storage capability on the same computer.

Specifically, HyperSentry enables cloud administrators to measure the integrity of hypervisors in run time -- meaning that the administrators can check to see whether a hypervisor has been breached by a third party, while the hypervisor is operating.

"The concern is that an attacker could compromise a hypervisor, giving them control of the cloud," says Dr. Peng Ning, professor of computer science at NC State and co-author of a paper describing the research. If a hypervisor is compromised, the attacker could do almost anything: access users' sensitive information; use the cloud's computing resources to attack other Internet entities; spread malware; etc.

"HyperSentry solves two problems," Ning says. "It measures hypervisor integrity in a stealthy way, and it does so in the context of the hypervisor." Context is important, Ning explains. To effectively identify hypervisor problems you need to look at the hypervisor program memory and the registers inside the central processing units (CPUs) that are actually running the program. (The registers are the internal memory of CPUs.) This is important because intelligent malware can conceal itself from security programs that look only at the memory where the hypervisor is supposed to be located -- they can effectively make themselves invisible to such security programs by modifying certain registers of the CPU and thus relocating the infected hypervisor elsewhere. By ensuring in-context measurement, HyperSentry can successfully track where the infected hypervisor is actually located and thus defeat such intelligent malware.

The fact that HyperSentry can check the integrity of a hypervisor in a stealthy way -- checking the hypervisor without the hypervisor being aware of it -- is important too. If a hypervisor is aware that it is being scrutinized, and has already been compromised, it can notify the malware. The malware, once alerted, can then restore the hypervisor to its normal state in order to avoid detection. Then the malware effectively hides until the security check is over.

Once a compromised hypervisor has been detected, a cloud administrator can take action to respond to the compromise, such as shutting down the computer, performing additional investigations to identify the scope of the problem and limiting how far the damage can spread.

The research is being presented Oct. 5 at the 17th ACM Conference on Computer and Communications Security in Chicago, Ill. The research was a part of the thesis work of NC State Ph.D. student Ahmed Azab, and was co-authored by Ning; NC State Ph.D. student Zhi Wang; Dr. Xuxian Jiang, an assistant professor of computer science at NC State; and Dr. Xiaolan Zhang and Nathan Skalsky of IBM. The work was done with funding from the U.S. Army Research Office, the National Science Foundation and IBM.

The study "HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity" by Ahmed M. Azab, Peng Ning, Zhi Wang, Xuxian Jiang, North Carolina State University; Xiaolan Zhang, IBM T. J. Watson Research Center; Nathan C. Skalsky, IBM Systems & Technology Group was presented on Oct. 5, 2010, at the 17th ACM Conference on Computer and Communications Security in Chicago, Ill.


Story Source:

The above story is based on materials provided by North Carolina State University. Note: Materials may be edited for content and length.


Cite This Page:

North Carolina State University. "Ability to detect malware in cloud-computing systems improved." ScienceDaily. ScienceDaily, 21 September 2010. <www.sciencedaily.com/releases/2010/09/100921101339.htm>.
North Carolina State University. (2010, September 21). Ability to detect malware in cloud-computing systems improved. ScienceDaily. Retrieved December 19, 2014 from www.sciencedaily.com/releases/2010/09/100921101339.htm
North Carolina State University. "Ability to detect malware in cloud-computing systems improved." ScienceDaily. www.sciencedaily.com/releases/2010/09/100921101339.htm (accessed December 19, 2014).

Share This


More From ScienceDaily



More Computers & Math News

Friday, December 19, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Building Google Into Cars

Building Google Into Cars

Reuters - Business Video Online (Dec. 19, 2014) Google's next Android version could become the standard that'll power your vehicle's entertainment and navigation features, Reuters has learned. Fred Katayama reports. Video provided by Reuters
Powered by NewsLook.com
After Sony Hack, What's Next?

After Sony Hack, What's Next?

Reuters - US Online Video (Dec. 19, 2014) The hacking attack on Sony Pictures has U.S. government officials weighing their response to the cyber-attack. Linda So reports. Video provided by Reuters
Powered by NewsLook.com
Navy Unveils Robot Fish

Navy Unveils Robot Fish

Reuters - Light News Video Online (Dec. 18, 2014) The U.S. Navy unveils an underwater device that mimics the movement of a fish. Tara Cleary reports. Video provided by Reuters
Powered by NewsLook.com
How 2014 Shaped The Future Of The Internet

How 2014 Shaped The Future Of The Internet

Newsy (Dec. 18, 2014) It has been a long, busy year for Net Neutrality. The stage is set for an expected landmark FCC decision sometime in 2015. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins