A Wingman for Virtual Appliances
Runtime Verification: 17th International Conference, RV 2017 (RV) 2017.
© Copyright 2017 Springer International Publishing AG
Operating Systems, Security, Virtualization, Cloud
Wingman is a run-time monitoring system that aims to detect and mitigate anomalies, including malware infections, within virtual appliances (VAs). It observes the kernel state of a VA and uses an expert system to determine when that state is anomalous. Wingman does not simply restart a compromised VA; instead, it attempts to repair the VA, thereby minimizing potential downtime and state loss. This paper describes Wingman and summarizes experiments in which it detected and mitigated three types of malware within a web-server VA. For each attack, Wingman was able to defend the VA by bringing it to an acceptable state.