Agentless and Uniform Introspection for Various Security Services in IaaS Cloud

With the introduction of virtual machine introspection into IaaS cloud, indirect inspection of the state about guest VMs is supported with strong isolation. But it requires the privilege access to the virtual machine monitor and lacks manageability due to the need of installing various security vendors' agents in a privileged VM. In this paper, we propose an agentless and uniform introspection framework, called SE Cloud, which supports expert security vendors to build robust and flexible protections for guest VMs of their customers. With the separation of introspection and security-business code, SE Cloud can stealthily fetch the state of monitored VMs without installing any code of security vendors, which resists rootkit from compromising or evading "in-the-box" security services and is convenient to manage "out-of-the-box" security services. Our preliminary experimental results show that SE-Cloud can support robust and flexible introspection over guest VMs with acceptable overhead.