{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T03:33:31Z","timestamp":1760240011863,"version":"build-2065373602"},"reference-count":37,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2019,2,18]],"date-time":"2019-02-18T00:00:00Z","timestamp":1550448000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["No.61402508","No.61303191","No.61472439"],"award-info":[{"award-number":["No.61402508","No.61303191","No.61472439"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National High Technology Research and Development Program of China","award":["No. 2015AA016010"],"award-info":[{"award-number":["No. 2015AA016010"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>The dramatic proliferation of cloud computing makes it an attractive target for malicious attacks. Increasing solutions resort to virtual machine introspection (VMI) to deal with security issues in the cloud environment. However, the existing works are not feasible to support tenants to customize individual security services based on their security requirements flexibly. Additionally, adoption of VMI-based security solutions makes tenants at the risk of exposing sensitive information to attackers. To alleviate the security and privacy anxieties of tenants, we present SECLOUD, a framework for monitoring VMs in the cloud for security analysis in this paper. By extending VMI techniques, SECLOUD provides remote tenants or their authorized security service providers with flexible interfaces for monitoring runtime information of guest virtual machines (VMs) in a non-intrusive manner. The proposed framework enhances effectiveness of monitoring by taking advantages of architectural symmetry of cloud environment. Moreover, we harden our framework with a privacy-preserving capacity for tenants. The flexibility and effectiveness of SECLOUD is demonstrated through a prototype implementation based on Xen hypervisor, which results in acceptable performance overhead.<\/jats:p>","DOI":"10.3390\/sym11020252","type":"journal-article","created":{"date-parts":[[2019,2,19]],"date-time":"2019-02-19T04:08:20Z","timestamp":1550549300000},"page":"252","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Tenant-Oriented Monitoring for Customized Security Services in the Cloud"],"prefix":"10.3390","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9822-0527","authenticated-orcid":false,"given":"Huaizhe","family":"Zhou","sequence":"first","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha 410073, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7532-3187","authenticated-orcid":false,"given":"Haihe","family":"Ba","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha 410073, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yongjun","family":"Wang","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha 410073, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhiying","family":"Wang","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha 410073, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jun","family":"Ma","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha 410073, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yunshi","family":"Li","sequence":"additional","affiliation":[{"name":"Northwest Institute of Eco-Environment and Resources, Chinese Academy of Sciences, Lanzhou 730000, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Huidong","family":"Qiao","sequence":"additional","affiliation":[{"name":"College of Computer, National University of Defense Technology, Changsha 410073, China"},{"name":"College of Computer and Communication, Hunan Institute of Engineering, Xiangtan 411100, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2019,2,18]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1016\/j.jnca.2016.11.027","article-title":"Cloud security issues and challenges: A survey","volume":"79","author":"Singh","year":"2017","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Baliga, A., Kamat, P., and Iftode, L. (2007, January 20\u201323). Lurking in the shadows: Identifying systemic threats to kernel data. Proceedings of the IEEE Symposium on Security and Privacy (SP), Berkeley, CA, USA.","DOI":"10.1109\/SP.2007.25"},{"key":"ref_3","unstructured":"Garfinkel, T., and Rosenblum, M. (2003, January 18\u201321). A Virtual Machine Introspection Based Architecture for Intrusion Detection. Proceedings of the Conference on Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2775111","article-title":"A Survey on Hypervisor-Based Monitoring: Approaches, Applications, and Evolutions","volume":"48","author":"Bauman","year":"2015","journal-title":"ACM Comput. Surv."},{"key":"ref_5","unstructured":"Hizver, J., and Chiueh, T.C. (, January 1\u20134). Real-time Deep Virtual Machine Introspection and Its Applications. Proceedings of the 10th ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments (VEE \u201914), Salt Lake City, UT, USA."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X., and Xu, D. (2007, January 28\u201331). Stealthy Malware Detection Through Vmm-based \u201cOut-of-the-box\u201d Semantic View Reconstruction. Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, USA.","DOI":"10.1145\/1315245.1315262"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Lengyel, T.K., Maresca, S., Payne, B.D., Webster, G.D., Vogl, S., and Kiayias, A. (2014, January 8\u201312). Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System. Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC), New Orleans, LA, USA.","DOI":"10.1145\/2664243.2664252"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Laur\u00e9n, S., and Lepp\u00e4nen, V. (2018, January 4\u201317). Virtual Machine Introspection based Cloud Monitoring Platform. Proceedings of the 19th International Conference on Computer Systems and Technologies, Varanasi, India.","DOI":"10.1145\/3274005.3274030"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Butt, S., Lagar-Cavilla, H.A., Srivastava, A., and Ganapathy, V. (2012, January 16\u201318). Self-service cloud computing. Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, USA.","DOI":"10.1145\/2382196.2382226"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Zhang, F., Chen, J., Chen, H., and Zang, B. (2011, January 23\u201326). CloudVisor: Retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, Cascais, Portugal.","DOI":"10.1145\/2043556.2043576"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Li, C., Raghunathan, A., and Jha, N.K. (2010, January 5\u201310). Secure virtual machine execution under an untrusted management OS. Proceedings of the IEEE 3rd International Conference on Cloud Computing (CLOUD), Miami, FL, USA.","DOI":"10.1109\/CLOUD.2010.29"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2505124","article-title":"Bridging the semantic gap in virtual machine introspection via online kernel data redirection","volume":"16","author":"Fu","year":"2013","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Payne, B.D., Martim, D.d.A., and Lee, W. (2007, January 11\u201314). Secure and flexible monitoring of virtual machines. Proceedings of the Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), Miami, FL, USA.","DOI":"10.1109\/ACSAC.2007.4413005"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Gu, Z., Deng, Z., Xu, D., and Jiang, X. (2011, January 4\u20137). Process implanting: A new active introspection framework for virtualization. Proceedings of the 30th IEEE Symposium on Reliable Distributed Systems (SRDS), Madrid, Spain.","DOI":"10.1109\/SRDS.2011.26"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Jain, B., Baig, M.B., Zhang, D., Porter, D.E., and Sion, R. (2014, January 17\u201318). Sok: Introspections on trust and the semantic gap. Proceedings of the IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA.","DOI":"10.1109\/SP.2014.45"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Harrison, C., Cook, D., McGraw, R., and Hamilton, J. (2012, January 25\u201327). Constructing a cloud-based IDS by merging VMI with FMA. Proceedings of the IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Liverpool, UK.","DOI":"10.1109\/TrustCom.2012.113"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Azab, A.M., Ning, P., Sezer, E.C., and Zhang, X. (2009, January 6\u201310). HIMA: A hypervisor-based integrity measurement agent. Proceedings of the Computer Security Applications Conference (ACSAC\u201909), Austin, TX, USA.","DOI":"10.1109\/ACSAC.2009.50"},{"key":"ref_18","unstructured":"Srivastava, A., and Giffin, J. (2008, January 15\u201317). Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections. Proceedings of the 11th International Symposium on Recent Advances in Intrusion Detection (RAID), Cambridge, MA, USA."},{"key":"ref_19","unstructured":"Ahmed, I., Richard, G.G., Zoranic, A., and Roussev, V. (2013, January 13\u201315). Integrity Checking of Function Pointers in Kernel Pools via Virtual Machine Introspection. Proceedings of the 16th International Conference on Information Security (ISC), Dallas, TX, USA."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1145\/2674025.2576212","article-title":"Composable multi-level debugging with Stackdb","volume":"Volume 49","author":"Johnson","year":"2014","journal-title":"ACM SIGPLAN Notices"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Suneja, S., Isci, C., Bala, V., De Lara, E., and Mummert, T. (2014, January 16\u201320). Non-intrusive, out-of-band and out-of-the-box systems monitoring in the cloud. Proceedings of the ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), Austin, TX, USA.","DOI":"10.1145\/2591971.2592009"},{"key":"ref_22","first-page":"1","article-title":"Secure Virtualization Environment Based on Advanced Memory Introspection","volume":"2018","author":"Zhang","year":"2018","journal-title":"Secur. Commun. Netw."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Cui, L., Song, Z., Li, Y., and Hao, Z. (2018, January 20\u201322). XScope: Memory Introspection Based Malicious Application Detection. Proceedings of the 5th International Conference on Information Science and Control Engineering (ICISCE), Zhengzhou, China.","DOI":"10.1109\/ICISCE.2018.00264"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Proskurin, S., Lengyel, T., Momeu, M., Eckert, C., and Zarras, A. (2018, January 3\u20137). Hiding in the Shadows: Empowering ARM for Stealthy Virtual Machine Introspection. Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, PR, USA.","DOI":"10.1145\/3274694.3274698"},{"key":"ref_25","unstructured":"Stratsec IT Security Winter School (2018, September 01). botCloud\u2014An Emerging Platform for Cyber-Attacks. Available online: https:\/\/0xicf.wordpress.com\/2012\/11\/02\/botcloud-an-emerging-platform-for-cyber-attacks\/\/."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Bhattasali, T., and Chaki, N. (2016, January 25\u201330). Poster: Exploring Security As a Service for IoT Enabled Remote Application Framework. Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services Companion (MobiSys Companion), Singapore.","DOI":"10.1145\/2938559.2948769"},{"key":"ref_27","unstructured":"Hurel, G., Badonnel, R., Lahmadi, A., and Festor, O. (2014, January 20\u201323). Outsourcing Mobile security in the cloud. Proceedings of the IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Munich, Germany."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Daniel, J., Dimitrakos, T., El-Moussa, F., Ducatel, G., Pawar, P., and Sajjad, A. (2014, January 15\u201318). Seamless enablement of intelligent protection for enterprise cloud applications through service store. Proceedings of the IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom), Singapore.","DOI":"10.1109\/CloudCom.2014.92"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Wang, J., Stavrou, A., and Ghosh, A. (2010). Hypercheck: A hardware-assisted integrity monitor. Recent Advances in Intrusion Detection, Springer.","DOI":"10.1007\/978-3-642-15512-3_9"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Taubmann, B., Rakotondravony, N., and Reiser, H.P. (2016, January 23\u201326). Cloudphylactor: Harnessing mandatory access control for virtual machine introspection in cloud data centers. Proceedings of the Trustcom\/BigDataSE\/ISPA, Tianjin, China.","DOI":"10.1109\/TrustCom.2016.0162"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"S114","DOI":"10.1016\/j.diin.2016.01.014","article-title":"TLSkex: Harnessing virtual machine introspection for decrypting TLS communication","volume":"16","author":"Taubmann","year":"2016","journal-title":"Digit. Investig."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Kashyap, A., Kumar, G.S., Jangir, S., Pilli, E.S., and Mishra, P. (2017, January 13\u201316). IHIDS: Introspection-based hybrid intrusion detection system in cloud environment. Proceedings of the 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Udupi, India.","DOI":"10.1109\/ICACCI.2017.8125921"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Payne, B.D. (2012). Simplifying Virtual Machine Introspection Using Libvmi.","DOI":"10.2172\/1055635"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Baek, H., Srivastava, A., and Van der Merwe, J. (2014, January 11\u201314). CloudVMI: Virtual Machine Introspection As a Cloud Service. Proceedings of the 2014 IEEE International Conference on Cloud Engineering (IC2E), Boston, MA, USA.","DOI":"10.1109\/IC2E.2014.82"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Baek, H., Srivastava, A., and Van der Merwe, J. (2017, January 14\u201317). CloudSight: A tenant-oriented transparency framework for cross-layer cloud troubleshooting. Proceedings of the 17th IEEE\/ACM International Symposium on Cluster, Cloud and Grid Computing, Madrid, Spain.","DOI":"10.1109\/CCGRID.2017.97"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"S87","DOI":"10.1016\/j.diin.2013.06.010","article-title":"Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform","volume":"10","author":"Dykstra","year":"2013","journal-title":"Digit. Investig."},{"key":"ref_37","unstructured":"Bahram, S., Jiang, X., Wang, Z., Grace, M., Li, J., Srinivasan, D., Rhee, J., and Xu, D. (November, January 31). Dksm: Subverting virtual machine introspection for fun and profit. Proceedings of the 29th IEEE Symposium on Reliable Distributed Systems, New Delhi, India."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/11\/2\/252\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T12:32:53Z","timestamp":1760185973000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/11\/2\/252"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,2,18]]},"references-count":37,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2019,2]]}},"alternative-id":["sym11020252"],"URL":"https:\/\/doi.org\/10.3390\/sym11020252","relation":{},"ISSN":["2073-8994"],"issn-type":[{"type":"electronic","value":"2073-8994"}],"subject":[],"published":{"date-parts":[[2019,2,18]]}}}