NCSU researchers thwart malware in cloud systems
Researchers from North Carolina State University (NCSU), with funding from the U.S. Army Research Office, the National Science Foundation and IBM, have developed software that enhances security for cloud-computing systems used in healthcare and elsewhere.
The software, called HyperSentry, detects malware in cloud hypervisors, and does so without alerting the malware that it is being examined, according to NCSU.
In the cloud-computing paradigm, hypervisors create the virtual workspace that allows different operating systems to run in isolation from one another, even though each system is using computing power and storage capability on the same computer.
Intelligent malware can “hide” from security programs that look only at the memory where the hypervisor is supposed to be located. Such malware can effectively make itself invisible to security programs by modifying certain internal CPU memory and thus relocating the infected hypervisor elsewhere.
The software enables cloud administrators to measure the integrity of hypervisors at run time, meaning that the administrators can check whether a hypervisor has been breached by a third party while the hypervisor is operating. HyperSentry looks at both hypervisor program memory and internal CPU memory. By ensuring in-context measurement, HyperSentry can track where an infected hypervisor is actually located and thus detect intelligent malware.
Once a compromised hypervisor has been detected, a cloud administrator can take action, such as shutting down the computer, performing additional investigations to identify the scope of the problem or limiting how far the damage can spread.