Google has big dreams for cloud computing and already has a number of cloud-based offerings like Google Docs on the market. There is also a dark side to cloud computing with malware and other threats that can be propagated over cloud-based networks.
Researchers from North Carolina State University have developed software that offers new and enhanced security for cloud computing. The software looks for malware and viruses in the so-called hypervisors that cloud networks rely on. Hypervisors are the software components of a cloud-based network that actually create the virtual workspace that separates different systems and OS' that are accessing the cloud.
The problem with some current methods of checking for malware and other threats in cloud-based system is that the software in current use can alert the malware that a check is coming. This allows the malware to effectively hide by returning the runtime to its normal state for the duration of the security scan.
The new software developed by the researchers is able to check for malware without alerting malware that a scan is underway. The software allows the checks to be performed while the hypervisor is operating. The software is called HyperSentry.
“The concern is that an attacker could compromise a hypervisor, giving them control of the cloud,” says Dr. Peng Ning, professor of computer science at NC State and co-author of a paper describing the research. Ning continued stating, "HyperSentry solves two problems. It measures hypervisor integrity in a stealthy way, and it does so in the context of the hypervisor."
Context is an important part of the software and how it works according to Ning. The software Ning developed looks in the hypervisor program memory and at the registers inside the CPUs that are running the program. This allows it to see malware without giving the malware a chance to hide. Once HyperSentry detects a threat, the administrator of the cloud can take steps to eliminate the threat and limit the spread of the threat.