A Wingman for Virtual Appliances
Runtime Verification: 17th International Conference, RV 2017 (RV) 2017.
DOI: 10.1007/978-3-319-67531-2_25
© Copyright 2017 Springer International Publishing AG
areas
Operating Systems, Security, Virtualization, Cloud
abstract
Wingman is a run-time monitoring system that aims to detect and mitigate anomalies, including malware infections, within virtual appliances (VAs). It observes the kernel state of a VA and uses an expert system to determine when that state is anomalous. Wingman does not simply restart a compromised VA; instead, it attempts to repair the VA, thereby minimizing potential downtime and state loss. This paper describes Wingman and summarizes experiments in which it detected and mitigated three types of malware within a web-server VA. For each attack, Wingman was able to defend the VA by bringing it to an acceptable state.