Virtualization-based continuous monitoring services for security

Host: SYSGO, Research and Technology.

  • Main supervisor: Prof. Gerhard Fohler, fohler@eit.uni-kl.de (contact person)
  • Co-supervisor: Assistant Prof. Nicola Dragoni, ndra@dtu.dk

Requirements:

Objectives:

  1. Develop virtualization-based continuous monitoring solutions for security that detect attacks by taking advantage of the hypervisor’s access to low-level hardware states.
  2. Integrate the security solutions into the PikeOS hypervisor.

Expected Results:

  • Propose an in-depth security solution where every device (FN) contributes to the overall system security.
  • Determine how the hypervisor’s access to hardware, e.g., to control flow analysis and to direct network traffic, can be used to assess potentially malicious application behavior.
  • Implement prototype intrusion and anomaly detection solutions using real-time machine learning.
  • Evaluate the overhead of the implemented solutions.
  • Extend SYSGO’s PikeOS hypervisor with the proposed security monitoring services.

Planned visits and collaboration:

  • TUKL (Prof. Gerhard Fohler): Evaluate the worst-case overhead of the anomaly detection solutions.

Description:

Please contact the main supervisor for a detailed description.

Relevant publications:

Please contact the main supervisor for relevant publications about the topic area.