Abstract
The use of server virtualization has been growing steadily, but many enterprises are still reluctant to migrate critical workloads to such infrastructures. One key inhibitor is the complexity of correctly configuring virtualized infrastructures, and in particular, of isolating workloads or subscribers across all potentially shared physical and virtual resources. Imagine analyzing systems with half a dozen virtualization platforms, thousands of virtual machines and hundreds of thousands of inter-resource connections by hand: large topologies demand tool support.
We study the automated information flow analysis of heterogeneous virtualized infrastructures. We propose an analysis system that performs a static information flow analysis based on graph traversal. The system discovers the actual configurations of diverse virtualization environments and unifies them in a graph representation. It computes the transitive closure of information flow and isolation rules over the graph and diagnoses isolation breaches from that. The system effectively reduces the analysis complexity for humans from checking the entire infrastructure to checking a few well-designed trust rules on components’ information flow.
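The pipeline the abstract describes (unify configurations in a graph, propagate information flow under per-component trust rules, flag isolation breaches) is sketched below as an added example. It is not the authors' tool: the node types, the trust rules and the topology are constructed assumptions.

```python
from collections import deque

# Assumed trust rules per node type: True = information reaching the node may
# leave on every edge; False = the component is trusted to isolate its neighbours.
TRUST_RULES = {"vm": True, "portgroup": True, "vlan": True,
               "datastore": True, "host": False}

# Constructed sample topology: two tenants, one shared hypervisor host.
TYPES = {"vm-a1": "vm", "vm-a2": "vm", "vm-b1": "vm",
         "host1": "host", "host2": "host", "lun7": "datastore",
         "pg-a": "portgroup", "pg-b": "portgroup",
         "vlan10": "vlan", "vlan20": "vlan"}
OWNERS = {"vm-a1": "A", "vm-a2": "A", "vm-b1": "B"}
EDGES_OK = [("vm-a1", "host1"), ("vm-b1", "host1"), ("vm-a2", "host2"),
            ("vm-a1", "pg-a"), ("vm-a2", "pg-a"), ("vm-b1", "pg-b"),
            ("pg-a", "vlan10"), ("pg-b", "vlan20")]
# Misconfiguration: one datastore is attached to VMs of both tenants.
EDGES_BAD = EDGES_OK + [("vm-a2", "lun7"), ("vm-b1", "lun7")]

def build_graph(edges):
    """Undirected adjacency map built from (node, node) connection pairs."""
    graph = {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def reachable(graph, types, source):
    """Nodes that information from `source` can reach under TRUST_RULES."""
    seen, queue = {source}, deque([source])
    while queue:
        node = queue.popleft()
        if not TRUST_RULES[types[node]]:
            continue  # node is reached, but it does not relay the flow
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def find_breaches(graph, types, owners):
    """Map each non-isolating node reached by more than one tenant to those tenants."""
    colours = {}
    for vm, tenant in owners.items():
        for node in reachable(graph, types, vm):
            colours.setdefault(node, set()).add(tenant)
    return {n: t for n, t in colours.items()
            if len(t) > 1 and TRUST_RULES[types[n]]}
```

The shared host is reached by both tenants in either topology but is never reported, because its rule marks it as isolating; only the shared datastore turns the two tenants' flows into a breach.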
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bleikertz, S., Groß, T., Schunter, M., Eriksson, K. (2011). Automated Information Flow Analysis of Virtualized Infrastructures. In: Atluri, V., Diaz, C. (eds) Computer Security – ESORICS 2011. ESORICS 2011. Lecture Notes in Computer Science, vol 6879. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23822-2_22
DOI: https://doi.org/10.1007/978-3-642-23822-2_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23821-5
Online ISBN: 978-3-642-23822-2
eBook Packages: Computer Science, Computer Science (R0)