virtual machine security systemsdcm/teaching/cda5532-cloudcomputing/... · 2011-10-28 · vm-based...
VIRTUAL MACHINE SECURITY SYSTEMS
Kumiko Ogawa
Virtual Machine Security Systems
by Xin Zhao, Kevin Borders, Atul Prakash
Department of EECS, University of Michigan
VM-Based Security
Isolation
Intruder cannot tamper with the security system, even if he or she subverted a
guest VM.
Inspection
The virtual machine monitor can access the entire state of each guest VM
Interposition
Privileged instruction is present
Architecture of VM-based Security Services
While VM-based security systems have different
features, they usually share a similar architecture.
Host based IDS/Network based IDS
HIDS (software, log, history)
- Excellent view of what is happening inside
- Highly susceptible to attack
NIDS
- More resistant to attack
- Poor view of what is happening inside
Livewire (VM-based IDS)
OS interface Library
Providing OS-level view of the target virtual machine by interpreting the
hardware state on the VMM
Policy Engine
Obtaining events from the VMM interface and deciding whether or not the
system has been compromised
=Example=
Signature Detector
(in memory)
Siren (VM-based IDS)
Detecting malicious software operating within a
guest virtual machine that attempts to send out
information over the network
keyboard
Mouse etc.
Network traffic
“Siren: Catching Evasive Malware (Short Paper)” by Kevin Borders, Xin Zhao, Atul Prakash
SVFS(Secure Virtual File System)
To protect sensitive files
All access to sensitive files by applications must first
be approved by DVM.
(Data Virtual Machine)
VRPCs (Virtual Remote Procedure Calls) are much faster than normal RPCs by using memory sharing
Hey, You, Get Off of My Cloud: Exploring Information Leakage
in Third-Party Compute Clouds (2009) by Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage
Amazon EC2
Placement
- Placing a malicious VM on the same physical machine which
hosts the victim’s VM
- Proving co-residence
Cross-VM information leakage
- via manipulation of shared physical resource
- Side-channel attack
sHype (Secure Hypervisor)
Developed by IBM
Implemented for Xen
(Access Control Module)
Ref: sHype Hypervisor Security Architecture – A Layered Approach Towards Trusted Virtual Domains
by Dr.-Ing. Reiner Sailer IBM T. J. Watson Research Center, NY
VM-Based Honeypots
A honeypot is a computer system that is set up with
the sole intention of luring attackers.
Honeypots
Low-interaction
- accepting packets, but only giving a minimal response
- cost effective
High-interaction
- behaving more like a normal computer
- providing more information about attacks
VM-based Honeypots
Advantage
- providing resource multiplexing, which allows more
high-interaction honeypots on the same hardware
Disadvantage
- Hackers can detect the VM and avoid honeypots
Potemkin Virtual Honeyfarm(1)
High-interaction Honeypot system
VMM Requirement
INTERNET
Virtual Honeyfarm
Gateway
(1) Packet received by gateway
(2) VM created on demand (VM creation must be fast enough to maintain illusion)
Potemkin Virtual Honeyfarm(2)
Traffic Reflection
INTERNET
Virtual Honeyfarm
Gateway
(1) If a honeypot tries to send packets out to third parties…
(2) The traffic is redirected back into honeyfarm
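A minimal model of the gateway behaviour on the two Potemkin slides above, added here as an illustration; it is not code from the slides or from the Potemkin project. The class and method names, the address ranges, and the rule that replies to the host that initiated contact are forwarded are assumptions.

```python
import ipaddress

class HoneyfarmGateway:
    """Toy gateway: on-demand VM binding plus traffic reflection (hypothetical names)."""

    def __init__(self, farm_prefix):
        self.farm = ipaddress.ip_network(farm_prefix)  # addresses the farm answers for
        self.vms = {}    # impersonated address -> VM id
        self.peers = {}  # VM address -> external hosts that contacted it first

    def _vm_for(self, addr):
        # A VM is created the first time an address is contacted, then reused.
        if addr not in self.vms:
            self.vms[addr] = f"vm-{len(self.vms) + 1}"
        return self.vms[addr]

    def inbound(self, src, dst):
        """Packet arriving from the Internet."""
        if ipaddress.ip_address(dst) not in self.farm:
            return ("drop", None)
        self.peers.setdefault(dst, set()).add(src)
        return ("deliver", self._vm_for(dst))

    def outbound(self, src, dst):
        """Packet emitted by a honeypot VM."""
        if src not in self.vms:
            return ("drop", None)              # not one of our VMs
        if dst in self.peers.get(src, ()):
            return ("forward", None)           # assumption: reply to the initiating host
        if ipaddress.ip_address(dst) in self.farm:
            return ("deliver", self._vm_for(dst))
        # Third party: never leaves the farm; a VM impersonates the destination.
        return ("reflect", self._vm_for(dst))

def demo():
    # Constructed sample traffic; all addresses are documentation ranges.
    gw = HoneyfarmGateway("10.1.0.0/16")
    return [
        gw.inbound("203.0.113.5", "10.1.0.9"),    # first contact creates vm-1
        gw.outbound("10.1.0.9", "203.0.113.5"),   # reply to the initiator
        gw.outbound("10.1.0.9", "198.51.100.7"),  # third party -> reflected to vm-2
        gw.outbound("198.51.100.7", "10.1.0.9"),  # reflected VM answers inside the farm
        gw.inbound("203.0.113.5", "192.0.2.1"),   # outside the farm prefix
    ]

if __name__ == "__main__":
    for step in demo():
        print(step)
```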
Collapsar Honeypot Center
Traffic is redirected to Collapsar Honeypot Center
Disadvantage: if redirected traffic is detected…
[Diagram: Collapsar Honeypot Center with three Redirectors]