Arav: Monitoring a Cloud's Virtual Routers
Title | Arav: Monitoring a Cloud's Virtual Routers |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Bushouse, Micah; Ahn, Sanghyun; Reeves, Douglas |
Conference Name | Proceedings of the 12th Annual Conference on Cyber and Information Security Research |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4855-3 |
Keywords | Cloud Security, Metrics, pubcrawl, resilience, Resiliency, Router Systems, Router Systems Security, security, virtual machine introspection, virtual routers |
Abstract | Virtual Routers (VRs) are increasingly common in cloud environments. VRs route traffic between network segments and support network services. Routers, including VRs, have been the target of several recent high-profile attacks, emphasizing the need for more security measures, including security monitoring. However, existing agent-based monitoring systems are incompatible with a VR's temporary nature, stripped-down operating system, and placement in the cloud. As a result, VRs are often not monitored, leading to undetected security incidents. This paper proposes a new security monitoring design that leverages virtualization instead of in-guest agents. Its hypervisor-based system, Arav, scrutinizes VRs by novel application of Virtual Machine Introspection (VMI) breakpoint injection. Arav monitored and addressed security-related events in two common VRs, pfSense and VyOS, and detected four attacks against two popular VR services, Quagga and OpenVPN. Arav's performance overhead is negligible, less than 0.63%, demonstrating VMI's utility in monitoring virtual machines unsuitable for traditional security monitoring. |
URL | https://dl.acm.org/citation.cfm?doid=3064814.3064829 |
DOI | 10.1145/3064814.3064829 |
Citation Key | bushouse_arav:_2017 |