Publication Type

Journal Article

Version

Preprint

Publication Date

11-2016

Abstract

Covert channel is a major threat to the information system security and commonly found in operating systems, especially in cloud computing environment. Owing to the characteristics in cloud computing environment such as resources sharing and logic boundaries, covert channels become more varied and difficult to find. Focusing on those problems, this paper presents a universal method for detecting covert channel automatically. To achieve a global detection, we leveraged a virtual machine event record mechanism in hypervisor to gather necessary metadata. Combining the shared resources matrix methodology with events association mechanism, we proposed a distinctive algorithm that can accurately locate and analyze malicious covert channels from the respect of behaviors. Compared with the popular statistical test methods focusing on the single covert channel, our method is capable of recognizing and detecting more covert channels in real time. Experimental results show that this method is not only able to detect multilevel and multiform covert channels in cloud environment effectively but also facilitates the implementation and deployment in practical scenarios without modifying the existing system.

Keywords

cloud security, covert channel detection, event association analysis, shared resource matrix

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Security and Communication Networks

Volume

9

Issue

16

First Page

3543

Last Page

3557

ISSN

1939-0114

Identifier

10.1002/sec.1560

Publisher

Wiley

Copyright Owner and License

Authors

Creative Commons License

Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

Additional URL

http://doi.org/10.1002/sec.1560

Share

COinS