CloudI: Cloud Security based on Cloud Introspection

With the extensive application of cloud computing technology, the government, enterprises and individuals have migrated their IT applications and sensitive data to the cloud. The cloud security issues have been paid more and more attention by academics and industry. At present, the cloud security solutions are mainly implemented in the user cloud platform, such as the internal part of guest virtual machine, high privileged domain, and virtual machine monitor (VMM) or hardware layer. Through the monitoring of the tenant virtual machine to find out malicious attacks and abnormal state, which ensures the security of user cloud to a certain extent. However, this kind of method has the following shortcomings: firstly, it will increase the cloud platform overhead and interfere with the normal cloud services. Secondly, it could only obtain a limited type of security state information, so the function is single and difficult to expand. Thirdly, there will cause false information if the user cloud platform has been compromised, which will affect the effectiveness of cloud security monitoring. This paper proposes a cloud security model based on cloud introspection technology. In the user cloud platform, we deploy cloud probes to obtain the user cloud state information, such as system memory, network communication and disk storage, etc. Then we synchronize the cloud state information to the introspection cloud, which is deployed independent. Finally, through bridging the semantic gap and data analysis in the introspection cloud, we can master the security state of user cloud. At the same time, we design and implement the prototype system of CloudI (Cloud Introspection). Through the comparison with the original cloud security technology by a series of experiments, CloudI has characteristics of high security, high performance, high expandability and multiple functions.