The present embodiments relate to security in a virtualized operating system environment with an active host-based Intrusion Detection System (IDS). More specifically, the IDS functions to identify an infection operating on the shared operating system kernel, and to provide a remedy to the identified infection.
Cloud computing is a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, network bandwidth, servers, processing, memory, storage, applications, virtual machines, and services) that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service. Cloud service models such as Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) are relied on by developers and entry-level users in daily activities. At the same time, as the demand for cloud services rises, there is an increased demand for security in the cloud.
Hardware virtualization requires each virtual machine to have an instance of the operating system, including its own kernel. A container in the cloud computing model effectively partitions resources managed by a single operating system into isolated groups. Operating system virtualization, by contrast, uses containers to execute multiple isolated user instances on a single operating system having a single kernel.
By employing container partitioning, an operating system provides applications the illusion of running on a separate machine while at the same time sharing underlying resources. For example, the page cache of a common file (e.g., “glibc”) may effectively be shared by two or more containers using the same kernel. Depending on the container configuration, these containers may use the same library (e.g., “libc”). This example of resource sharing can extend to files in directories that are the subject of read and write operations. However, it is understood that by enabling sharing in this manner, containers may be subject to security vulnerabilities that aim to take control of the root user and/or gain unauthorized container access. Accordingly, there is a need to address security in the virtualized operating system environment.