A Novel Approach to Address Information Leakage Attacks Based on Machine Virtualization
Loading...
Date
2014
Authors
Journal Title
Journal ISSN
Volume Title
Type
Article
Publisher
LJS Publishing
Series Info
International Journal of Computer Science and Information Security;Volume: 12 Issue: 9 Pages: 31-42
Doi
Scientific Journal Rankings
Abstract
In a traditional non-virtualized computer system the
whole software stack is highly vulnerable to security breaches.
This is mainly caused by the coexistence of deployed security
systems in the same space as the potentially compromised
operating system and applications that often run with administrative privileges. In such a structure, compromising, bypassing,
disabling, or even subverting deployed security systems become
trivial. Machine virtualization provides a powerful abstraction
for addressing information security issues. Its isolation, encapsulation, and partitioning properties can be leveraged to reduce
computer systems’ susceptibility to security breaches. This paper
demonstrates that machine virtualization when employed and
synthesized with cryptography would preserve information confidentiality even in an untrusted machine. It presents a novel information security approach called Virtualized Anti-Information
Leakage (VAIL). Its objective is to thwart malicious software
and insiders’ information leakage attacks on sensitive files after
decryption in potentially compromised computer systems. VAIL’s
defenses are evaluated against a variety of information leakage
attacks including: (1) direct attacks launched on sensitive files
from an untrusted virtual machine, and a compromised virtual
machine monitor; and (2) indirect attacks exploiting covert
storage and timing channels. Based on the security evaluation,
it is concluded that VAIL effectively complied with the security
requirements, and met its objective.
Description
MSA Google Scholar
Keywords
October University for University of Information Security; Information Leakage; Machine Virtualization; Malicious Software; Insider Threat
Citation
[1] J. Agat, “Transforming out Timing Leaks,” in Proc. of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 00), Jan. 2000, pp. 40-53. [2] E. Barker, W. Barker, W. Burr, W. Polk, and M. Smid, “NIST Special Publication 800-57: Recommendation for Key Management Part 1: General (Revision 3),” National Institute of Standards and Technology (NIST), Jul. 2012. [3] M. Ciampa, Security + Guide to Network Security Fundamentals, 4th ed., Boston, Course Technology, 2012. [4] “Trusted Computer System Evaluation Criteria,” United States Department of Defense Std., 1985. [5] G. Dunlap, S. King, S. Cinar, M. Basrai, and P. Chen, “ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay,” in Proc. of the 5th Symposium on Operating Systems Design and Implementation (OSDI), Dec. 2002. (published in a special issue of ACM SIGOPS Operating Systems Review), vol. 36, pp. 211-224, 2002. [6] G. Dunlap, D. Lucchetti, P. Chen, and M. Fetterman, “Execution Replay for Multiprocessor Virtual Machines,” in Proc. of the 4th ACM SIGPLAN/SIGOPS International Conference On Virtual Execution Environments (VEE 08), Mar. 2008, pp. 121-130. [7] Microsoft Corporation. Microsoft Support. (2012) Encrypted File System (EFS) files appear corrupted when you open them. [Online]. Available: http://support.microsoft.com/kb/329741 [8] “Advanced Encryption Standard (AES),” Federal Information Processing Std. 197, Nov. 2001. [9] “Secure Hash Standard (SHS),” Federal Information Processing Std. 180-4, Mar. 2012. [10] T. Garfinkel, and M. Rosenblum, “A Virtual Machine Introspection Based Architecture for Intrusion Detection,” in Proc. of Network and Distributed Systems Security Symposium, Feb. 2003, pp. 191-206. [11] W. Hagen, Professional Xen Virtualization, Indiana, Wiley Publishing, 2008. [12] J. Halderman, S. Schoen, N. Heninger, W. Clarkson, W. Paul, J. Calandrino, A. Feldman, J. Appelbaum, and E. Felten, “Lest We Remember: Cold Boot Attacks on Encryption Keys,” in Proc. of the 17th USENIX Security Symposium, Jul. 2008, pp. 45-60. [13] B. Hay, and K. Nance, “Forensics Examination of Volatile System Data Using Virtual Introspection,”ACM SIGOPS Operating Systems Review, vol. 42, no. 3, pp. 74-82, Apr. 2008. (IJCSIS) International Journal of Computer Science and Information Security, Vol. 12, No. 9, September 2014 41 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 [14] K. Hwang, J. Dongarra, and G. Fox, “Cloud Computing: Virtualization Classes,”TechNet Magazine, pp. 14-18, Feb. 2012. [15] Intel Corporation. (2013) Hardware-Assisted Virtualization Technology. [Online]. Available: http://www.intel.com/ content/www/us/en/virtualization/virtualization-technology/ hardware-assist-virtualization-technology.html [16] X. Jiang, X. Wang, and D. Xu, “Stealthy Malware Detection Through VMM-Based Out-of-the-Box Semantic View Reconstruction,”ACM Transactions on Information and System Security (TISSEC), vol. 13, no. 2, Feb. 2010. [17] A. Joshi, S. King, G. Dunlap, and P. Chen, “Detecting Past and Present Intrusions through Vulnerability-Specific Predicates,” in Proc. of the 20th ACM Symposium on Operating Systems Principles (SOSP 2005), Oct. 2005, pp. 91-104. [18] G. Klein, “seL4: Formal Verification of an OS Kernel,” in Proc. of the 22nd ACM Symposium on Operating Systems Principles, Oct. 2009, pp. 207-220. [19] S. Kumar, U. Rawat, S. Jasra, and A. Jain , “Efficient methodology for implementation of Encrypted File System in User Space,” International Journal of Computer Science and Information Security, vol. 3, no. 1, pp. 86-93, Jul. 2009. [20] J. LeVasseur, V. Uhlig, M. Chapman, P. Chubb, B. Leslie, and G. Heiser, “Pre-virtualization: soft layering for Virtual Machines,” in Proc. of the 13th IEEE Asia-Pacific Computer Systems Architecture Conference, Aug. 2008, pp. 1-9. [21] L. Litty, A. Cavilla, and D. Lie, “Hypervisor Support for Identifying Covertly Executing Binaries,” in Proc. of the 17th USENIX Security Symposium, Jul. 2008, pp. 243-258. [22] Microsoft Corporation. (2012) Windows Server: BitLocker Drive Encryption Overview. [Online]. Available: http://technet.microsoft.com/ en-us/library/cc732774.aspx [23] A. Nguyen, N. Schear, H. Jung, A. Godiyal, S. King, and H. Nguyen, “MAVMM: Lightweight and Purpose Built VMM for Malware Analysis,” in Proc. of the 25th Annual Computer Security Applications Conference, Dec. 2009, pp. 441-450. [24] R. Riley, X. Jiang, and D. Xu, “Guest-Transparent Prevention of Kernel Rootkits with VMM-based Memory Shadowing,” in Proc. of the 11th International Symposium on Recent Advances in Intrusion Detection, Sep. 2008, pp. 1-20. [25] Secunia. (2013) Vulnerability Report: Xen 4.x. [Online]. Available: http: //secunia.com/advisories/product/33176/ [26] Secunia. (2013) Vulnerability Report: Microsoft Windows 7 [Online]. Available: http://secunia.com/advisories/product/27467/ [27] A. Seshadr, M. Luk, N. Qu, and A. Perrig, “SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes,” in Proc. of the 21st ACM SIGOPS Symposium on Operating Systems Principles, Oct. 2007, pp. 335-350. [28] T. Shinagawa, H. Eiraku, K. Omote, S. Hasegawa, M. Hirano, K. Kourai, Y. Oyama, E. Kawai, K. Kono, S. Chiba, Y. Shinjo, and K. Kato, “BitVisor: A Thin Hypervisor for Enforcing I/O Device Security,” in Proc. of the ACM International Conference on Virtual Execution Environments, Mar. 2009, pp. 121-130. [29] J. Smith, and R. Nair, Virtual Machines: Versatile Platforms for Systems and Processes, San Francisco, Morgan Kaufmann Publishers, 2005. [30] M. Tulloch, and Microsoft Virtualization Teams, Understanding Microsoft Virtualization Solutions from the Desktop to the Datacenter, 2nd ed., Washington, Microsoft Corporation, 2010. [31] Xen. (2006) Xen: Enterprise Grade Open Source Virtualization, A Xen White Paper V06012006 [Online]. Available: http://www-archive. xenproject.org/files/xenWhitePaper3.2.pdf