Hussein, OmarHamza, NerminHefny, Hesham2020-02-132020-02-132014[1] J. Agat, “Transforming out Timing Leaks,” in Proc. of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 00), Jan. 2000, pp. 40-53. [2] E. Barker, W. Barker, W. Burr, W. Polk, and M. Smid, “NIST Special Publication 800-57: Recommendation for Key Management Part 1: General (Revision 3),” National Institute of Standards and Technology (NIST), Jul. 2012. [3] M. Ciampa, Security + Guide to Network Security Fundamentals, 4th ed., Boston, Course Technology, 2012. [4] “Trusted Computer System Evaluation Criteria,” United States Department of Defense Std., 1985. [5] G. Dunlap, S. King, S. Cinar, M. Basrai, and P. Chen, “ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay,” in Proc. of the 5th Symposium on Operating Systems Design and Implementation (OSDI), Dec. 2002. (published in a special issue of ACM SIGOPS Operating Systems Review), vol. 36, pp. 211-224, 2002. [6] G. Dunlap, D. Lucchetti, P. Chen, and M. Fetterman, “Execution Replay for Multiprocessor Virtual Machines,” in Proc. of the 4th ACM SIGPLAN/SIGOPS International Conference On Virtual Execution Environments (VEE 08), Mar. 2008, pp. 121-130. [7] Microsoft Corporation. Microsoft Support. (2012) Encrypted File System (EFS) files appear corrupted when you open them. [Online]. Available: http://support.microsoft.com/kb/329741 [8] “Advanced Encryption Standard (AES),” Federal Information Processing Std. 197, Nov. 2001. [9] “Secure Hash Standard (SHS),” Federal Information Processing Std. 180-4, Mar. 2012. [10] T. Garfinkel, and M. Rosenblum, “A Virtual Machine Introspection Based Architecture for Intrusion Detection,” in Proc. of Network and Distributed Systems Security Symposium, Feb. 2003, pp. 191-206. [11] W. Hagen, Professional Xen Virtualization, Indiana, Wiley Publishing, 2008. [12] J. Halderman, S. Schoen, N. Heninger, W. Clarkson, W. Paul, J. Calandrino, A. Feldman, J. Appelbaum, and E. Felten, “Lest We Remember: Cold Boot Attacks on Encryption Keys,” in Proc. of the 17th USENIX Security Symposium, Jul. 2008, pp. 45-60. [13] B. Hay, and K. Nance, “Forensics Examination of Volatile System Data Using Virtual Introspection,”ACM SIGOPS Operating Systems Review, vol. 42, no. 3, pp. 74-82, Apr. 2008. (IJCSIS) International Journal of Computer Science and Information Security, Vol. 12, No. 9, September 2014 41 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 [14] K. Hwang, J. Dongarra, and G. Fox, “Cloud Computing: Virtualization Classes,”TechNet Magazine, pp. 14-18, Feb. 2012. [15] Intel Corporation. (2013) Hardware-Assisted Virtualization Technology. [Online]. Available: http://www.intel.com/ content/www/us/en/virtualization/virtualization-technology/ hardware-assist-virtualization-technology.html [16] X. Jiang, X. Wang, and D. Xu, “Stealthy Malware Detection Through VMM-Based Out-of-the-Box Semantic View Reconstruction,”ACM Transactions on Information and System Security (TISSEC), vol. 13, no. 2, Feb. 2010. [17] A. Joshi, S. King, G. Dunlap, and P. Chen, “Detecting Past and Present Intrusions through Vulnerability-Specific Predicates,” in Proc. of the 20th ACM Symposium on Operating Systems Principles (SOSP 2005), Oct. 2005, pp. 91-104. [18] G. Klein, “seL4: Formal Verification of an OS Kernel,” in Proc. of the 22nd ACM Symposium on Operating Systems Principles, Oct. 2009, pp. 207-220. [19] S. Kumar, U. Rawat, S. Jasra, and A. Jain , “Efficient methodology for implementation of Encrypted File System in User Space,” International Journal of Computer Science and Information Security, vol. 3, no. 1, pp. 86-93, Jul. 2009. [20] J. LeVasseur, V. Uhlig, M. Chapman, P. Chubb, B. Leslie, and G. Heiser, “Pre-virtualization: soft layering for Virtual Machines,” in Proc. of the 13th IEEE Asia-Pacific Computer Systems Architecture Conference, Aug. 2008, pp. 1-9. [21] L. Litty, A. Cavilla, and D. Lie, “Hypervisor Support for Identifying Covertly Executing Binaries,” in Proc. of the 17th USENIX Security Symposium, Jul. 2008, pp. 243-258. [22] Microsoft Corporation. (2012) Windows Server: BitLocker Drive Encryption Overview. [Online]. Available: http://technet.microsoft.com/ en-us/library/cc732774.aspx [23] A. Nguyen, N. Schear, H. Jung, A. Godiyal, S. King, and H. Nguyen, “MAVMM: Lightweight and Purpose Built VMM for Malware Analysis,” in Proc. of the 25th Annual Computer Security Applications Conference, Dec. 2009, pp. 441-450. [24] R. Riley, X. Jiang, and D. Xu, “Guest-Transparent Prevention of Kernel Rootkits with VMM-based Memory Shadowing,” in Proc. of the 11th International Symposium on Recent Advances in Intrusion Detection, Sep. 2008, pp. 1-20. [25] Secunia. (2013) Vulnerability Report: Xen 4.x. [Online]. Available: http: //secunia.com/advisories/product/33176/ [26] Secunia. (2013) Vulnerability Report: Microsoft Windows 7 [Online]. Available: http://secunia.com/advisories/product/27467/ [27] A. Seshadr, M. Luk, N. Qu, and A. Perrig, “SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes,” in Proc. of the 21st ACM SIGOPS Symposium on Operating Systems Principles, Oct. 2007, pp. 335-350. [28] T. Shinagawa, H. Eiraku, K. Omote, S. Hasegawa, M. Hirano, K. Kourai, Y. Oyama, E. Kawai, K. Kono, S. Chiba, Y. Shinjo, and K. Kato, “BitVisor: A Thin Hypervisor for Enforcing I/O Device Security,” in Proc. of the ACM International Conference on Virtual Execution Environments, Mar. 2009, pp. 121-130. [29] J. Smith, and R. Nair, Virtual Machines: Versatile Platforms for Systems and Processes, San Francisco, Morgan Kaufmann Publishers, 2005. [30] M. Tulloch, and Microsoft Virtualization Teams, Understanding Microsoft Virtualization Solutions from the Desktop to the Datacenter, 2nd ed., Washington, Microsoft Corporation, 2010. [31] Xen. (2006) Xen: Enterprise Grade Open Source Virtualization, A Xen White Paper V06012006 [Online]. Available: http://www-archive. xenproject.org/files/xenWhitePaper3.2.pdf1947-5500https://t.ly/g7XzEMSA Google ScholarIn a traditional non-virtualized computer system the whole software stack is highly vulnerable to security breaches. This is mainly caused by the coexistence of deployed security systems in the same space as the potentially compromised operating system and applications that often run with administrative privileges. In such a structure, compromising, bypassing, disabling, or even subverting deployed security systems become trivial. Machine virtualization provides a powerful abstraction for addressing information security issues. Its isolation, encapsulation, and partitioning properties can be leveraged to reduce computer systems’ susceptibility to security breaches. This paper demonstrates that machine virtualization when employed and synthesized with cryptography would preserve information confidentiality even in an untrusted machine. It presents a novel information security approach called Virtualized Anti-Information Leakage (VAIL). Its objective is to thwart malicious software and insiders’ information leakage attacks on sensitive files after decryption in potentially compromised computer systems. VAIL’s defenses are evaluated against a variety of information leakage attacks including: (1) direct attacks launched on sensitive files from an untrusted virtual machine, and a compromised virtual machine monitor; and (2) indirect attacks exploiting covert storage and timing channels. Based on the security evaluation, it is concluded that VAIL effectively complied with the security requirements, and met its objective.enOctober University for University of Information Security; Information Leakage; Machine Virtualization; Malicious Software; Insider ThreatArticle