Hans P. Reiser, University of Passau


Virtualization technology has been known for several decades and has become one of the core technologies of cloud infrastructures. Its main benefits include the ability to share resources efficiently and securely among multiple tenants, to run multiple operating systems, and to rapidly allocate, migrate and de-allocate virtual machines. Virtualization has also proven useful for building highly available, replicated systems.

In this talk, we explore a different dimension of virtualization technology: its ability to support the detection and analysis of intrusions. In the Bavarian FORSEC project, we investigate new approaches for enhancing security in large-scale distributed systems. The CloudIDEA architecture (Cloud Intrusion DEtection and Analysis) extends a cloud management platform with the ability to continuously monitor virtual machines using low-impact introspection techniques, automatically react to suspicious behaviour with system reconfigurations, and analyze (potentially) malicious actions in detail with more heavyweight introspection approaches. Core building blocks of this architecture are LibVMTrace, a virtual machine tracing library that builds upon LibVMI, and CloudPhylactor, a secure architecture that enables running introspection applications in isolated domains in cloud environments. In future work, we plan to extend our work regarding forensic data acquisition and processing, visualization, and reporting of IT-security incidents.


Hans P. Reiser is a professor at the University of Passau, where he joined the Institute of IT Security and Security Law in 2011. He holds a PhD in the area of middleware for fault-tolerant systems from Ulm University. From 2007 he worked as an assistant professor at LaSIGE, University of Lisbon, and in 2010 he spent one semester at Carnegie Mellon University, Pittsburgh, USA, as a visiting professor. Hans P. Reiser's research focus is on technical aspects of reliability and security in distributed systems, including algorithms and architectures for intrusion-tolerant systems, adaptability and self-optimization of group communication systems, concepts for secure and reliable cloud computing, and methods for incident investigation in cloud environments.


Date: 2016-Mar-17     Time: 12:00:00     Room: 020

