CloudER

Ping Chen, Dongyan Xu, Bing Mao
2012 Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security - ASIACCS '12  
In a virtualization-based cloud infrastructure, customers of the cloud deploy virtual machines (VMs) with their own applications and customized runtime environments. The cloud provider supports the execution of these VMs without detailed knowledge of the guest applications and operating systems in the VMs. In addition to elastic resource provisioning for the VMs, a desirable "value-added" service the cloud provider can provide is the emergency response to runtime incidences of software bugs and
more » ... vulnerabilities. The challenge is to facilitate the automatic runtime detection, location, and patching of the software vulnerability -outside the VMs and without the source code. In this paper, we present CloudER, a cloud "emergency room" architecture that automatically detect, locate, and patch software vulnerabilities in cloud application binaries at runtime. CloudER leverages an existing taint-based system (Demand Emulation) for runtime anomaly detection, employs new algorithms for software vulnerability location and patch generation, and adapts a virtual machine introspection system (XenAccess) for dynamic patching. Our preliminary evaluation experiments with a number of real-world server applications show that CloudER achieves timely response to runtime software faults or attacks from outside the VMs.
doi:10.1145/2414456.2414485 dblp:conf/ccs/ChenXM12 fatcat:26gepyy5rrgydnftb3qlk2v2oy