Use this URL to cite or link to this record in EThOS:
Title: Virtualisation security in cloud computing
Author: Win, Thu Yein
ISNI:       0000 0004 6422 1312
Awarding Body: Glasgow Caledonian University
Current Institution: Glasgow Caledonian University
Date of Award: 2016
Availability of Full Text:
Access from EThOS:
Virtualisation is the underpinning technology enabling cloud computing service provisioning. With the recent widespread adoption of different hardware and container virtualisation technologies, the virtualisation environment has become an attractive target amongst cyberattackers to launch attacks. The aim of this research thesis is to design and propose a virtualisation security system which provides protection of the guests in a virtualisation environment against security attacks. It features novel applications of system call analysis as well as machine learning techniques in security threat detection in both hardware as well as container virtualisation environments. The malware and rootkit detection approach detects in real-time security threat detection within guests in hardware virtualisation environments. It features a lightweight in-guest monitor together with an external control monitor. The former uses selective system call monitoring together with system call hashing for guest behaviour monitoring, while the latter uses an offline-trained SVM (Support Vector Machine) classifier to detect threats. The container security approach protects the container guests against attacks exploiting two newly-discovered kernel namespace vulnerabilities Host Break-in and Illegal Container Process Isolation. It runs within the host kemelspace and uses the built-in AppArmor MAC (Mandatory Access Control) framework together with system call monitoring in detecting unauthorized container access from the host. The Big Data based security analytics approach leverages the analytical capabilities of Big Data technologies in security monitoring in both virtualisation environments. It periodically obtains network and application logs from guests and passes them to a MapReduce framework for feature extraction, before using logistic regression and belief propagation for threat detection. The effectiveness of these proposed approaches were evaluated against well-known user- level malware as well as kernel-level rootkit attacks, with measurements obtained to prove their feasibility to deployed in real-world virtualisation environments.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available