Although Virtual Machine Introspection (VMI) tools are increasingly capable, modern multi-tenant cloud providers are hesitant to expose the sensitive hypervisor APIs necessary for tenants to use them. Outside the cloud, adoption of VMI and virtualization-based security is rising, and both are increasingly considered necessary to counter sophisticated threats. This paper introduces Furnace, an open-source VMI framework that outperforms prior frameworks by satisfying both a cloud provider’s expectation of security and a tenant’s desire to run their own custom VMI tools underneath their cloud VMs. Furnace’s flexibility and ease of use are demonstrated by porting four existing security and monitoring tools as Furnace VMI apps; these apps are shown to be resource efficient while executing up to 300x faster than those in previous VMI frameworks. Furnace’s security properties are shown to protect against the actions of malicious tenant apps.
CITATION STYLE
Bushouse, M., & Reeves, D. (2018). Furnace: Self-service tenant VMI for the cloud. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11050 LNCS, pp. 647–669). Springer Verlag. https://doi.org/10.1007/978-3-030-00470-5_30