One of the major challenges in Cloud computing is providing security to the cloud resources. In present paper, we make use of the concept of virtualization to protect the cloud components and the integrity of guest virtual machines. To guarantee increased security to cloud resources, an architecture called Cloud Protection System (CPS) is proposed. CPS remains fully transparent to the cloud components and the guest virtual machines since it is implemented on the base machine and monitors the integrity of guest virtual machines. Also, we propose an architecture called HypeSec, which can be integrated in the hypervisor Qemu, where it controls all inter-VM communication according to formal security policies. The architecture CPS is fully implemented using Eucalyptus cloud environment, and Qemu as the hypervisor. The effectiveness of the prototype is shown by testing it against the Sebek rootkit attack.

1. Armbrust M, Fox A, Griffith R. Above the clouds: A Berkeley view of cloud computing. Technical Report UCB/EECS-2009-28, EECS Department, University of California, Berkeley, February 2009.
2. Bellard F. Qemu, a fast and portable dynamic translator. In ATEC ’05: Proceedings of the annual conference on USENIX annual technical conference, Berkeley, CA, USA, 2005. USENIX Association, p. 41.
3. Seshadri A, Luk M, Qu N, Perrig A. Secvisor: a tiny hypervisor to provide life time kernel code integrity for commodity oses. In SOSP’07: Proceedings of twenty first ACM SIGOPS symposium on operating systems principles, ACM, New York, NY, USA, 2007. p. 335–50.
4. Payne BD, Carbone M, Sharif M, Lee W. Lares: An architecture for secure active monitoring using virtualization. In SP ’08: Proceedings of the 2008 IEEE symposium on security and privacy (sp2008), IEEE Computer Society, Washington, DC, USA, 2008. pp. 233- 47.
5. Lombardi F, Di Pietro R. Kvmsec: a security extension for linux kernel virtual machines. In SAC ’09: Proceedings of the 2009 ACM symposium on applied Computing, ACM, New York, NY, USA, 2009. pp. 2029–34.
6. Qumranet. Linux kernel virtual machine. http://kvm.qumranet.com.
7. Peter M, Schild H, Lackorzynski A, Warg A. Virtual machines jailed: virtualization in systems with small trusted computing bases. In VDTS ’09: Proceedings of the 1st EuroSys Workshop on virtualization technology for dependable systems, ACM, New York, NY, USA, 2009. p.18–23.
8. Rhee J, Riley R, Xu D, Jiang X. Defeating dynamic data kernel rootkit attacks via vmm-based guest transparent monitoring. Availability, Reliability and Security, 2009. ARES ’09.
9. Lombardi F, Di Pietro R. Transparent security for cloud. In SAC’10: Proceedings of the 2010 ACM symposium on applied computing.
10. Lombardi F, Di Pietro R. Secure virtualization for cloud computing. In Elsevier, June 2010: Journal of Network and Computer Applications.

Eucalyptus Hypervisor Qemu virtualization