@misc{SianiparSukmanaMeinel2019,
  author    = {Sianipar, Johannes Harungguan and Sukmana, Muhammad Ihsan Haikal and Meinel, Christoph},
  title     = {Moving sensitive data against live memory dumping, spectre and meltdown attacks},
  series = {26th International Conference on Systems Engineering (ICSEng)},
  journal   = {26th International Conference on Systems Engineering (ICSEng)},
  publisher = {IEEE},
  address   = {New York},
  isbn      = {978-1-5386-7834-3},
  pages     = {8},
  year      = {2019},
  abstract  = {The emergence of cloud computing allows users to easily host their Virtual Machines with no up-front investment and the guarantee of always available anytime anywhere. But with the Virtual Machine (VM) is hosted outside of user's premise, the user loses the physical control of the VM as it could be running on untrusted host machines in the cloud. Malicious host administrator could launch live memory dumping, Spectre, or Meltdown attacks in order to extract sensitive information from the VM's memory, e.g. passwords or cryptographic keys of applications running in the VM. In this paper, inspired by the moving target defense (MTD) scheme, we propose a novel approach to increase the security of application's sensitive data in the VM by continuously moving the sensitive data among several memory allocations (blocks) in Random Access Memory (RAM). A movement function is added into the application source code in order for the function to be running concurrently with the application's main function. Our approach could reduce the possibility of VM's sensitive data in the memory to be leaked into memory dump file by 2 5\% and secure the sensitive data from Spectre and Meltdown attacks. Our approach's overhead depends on the number and the size of the sensitive data.},
  language  = {en}
}
@misc{SianiparWillemsMeinel2019,
  author    = {Sianipar, Johannes Harungguan and Willems, Christian and Meinel, Christoph},
  title     = {Virtual machine integrity verification in Crowd-Resourcing Virtual Laboratory},
  series = {2018 IEEE 11th Conference on Service-Oriented Computing and Applications (SOCA)},
  journal   = {2018 IEEE 11th Conference on Service-Oriented Computing and Applications (SOCA)},
  publisher = {IEEE},
  address   = {New York},
  isbn      = {978-1-5386-9133-5},
  issn      = {2163-2871},
  doi       = {10.1109/SOCA.2018.00032},
  pages     = {169 -- 176},
  year      = {2019},
  abstract  = {In cloud computing, users are able to use their own operating system (OS) image to run a virtual machine (VM) on a remote host. The virtual machine OS is started by the user using some interfaces provided by a cloud provider in public or private cloud. In peer to peer cloud, the VM is started by the host admin. After the VM is running, the user could get a remote access to the VM to install, configure, and run services. For the security reasons, the user needs to verify the integrity of the running VM, because a malicious host admin could modify the image or even replace the image with a similar image, to be able to get sensitive data from the VM. We propose an approach to verify the integrity of a running VM on a remote host, without using any specific hardware such as Trusted Platform Module (TPM). Our approach is implemented on a Linux platform where the kernel files (vmlinuz and initrd) could be replaced with new files, while the VM is running. kexec is used to reboot the VM with the new kernel files. The new kernel has secret codes that will be used to verify whether the VM was started using the new kernel files. The new kernel is used to further measuring the integrity of the running VM.},
  language  = {en}
}