Cloud computing environments allow customers to execute arbitrary code on hardware owned by a cloud provider. While cloud providers use virtualization to ensure isolation between customers, they face additional security challenges. Malicious customers may leverage the provider's hardware to launch attacks, either from VMs they own or by compromising VMs from benign customers. These attacks can damage the provider's reputation and ability to serve other customers. In this paper we show that while cloud providers can use introspection to monitor customer VMs and detect malicious activity, it must be used with care since existing introspection techniques are based on assumptions that do not hold in cloud environments.
Lionel Litty, H. Andrés Lagar-Cavilla, Davi