Covert channel is a major threat to the information system security and commonly found in operating systems, especially in cloud computing environment. Owing to the characteristics in cloud computing environment such as resources sharing and logic boundaries, covert channels become more varied and difficult to find. Focusing on those problems, this paper presents a universal method for detecting covert channel automatically. To achieve a global detection, we leveraged a virtual machine event record mechanism in hypervisor to gather necessary metadata. Combining the shared resources matrix methodology with events association mechanism, we proposed a distinctive algorithm that can accurately locate and analyze malicious covert channels from the respect of behaviors. Compared with the popular statistical test methods focusing on the single covert channel, our method is capable of recognizing and detecting more covert channels in real time. Experimental results show that this method is not only able to detect multilevel and multiform covert channels in cloud environment effectively but also facilitates the implementation and deployment in practical scenarios without modifying the existing system.
cloud security, covert channel detection, event association analysis, shared resource matrix
Security and Communication Networks
WANG, Lina; LIU, Weijie; KUMAR, Neeraj; HE, Debiao; TAN, Cheng; and GAO, Debin.
A novel covert channel detection method in cloud based on XSRM and improved event association algorithm. (2016). Security and Communication Networks. 9, (16), 3543-3557. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/3425
Copyright Owner and License
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.