Abstract
Virtualized systems such as Xen, VirtualBox, VMWare or QEmu have been proposed to increase the level of security achievable on personal computers. On the other hand, such virtualized systems are now targets for attacks. We propose an intrusion detection architecture for virtualized systems, and discuss some of the security issues that arise. We argue that a weak spot of such systems is domain zero administration, which is left entirely under the administrator’s responsibility, and is in particular vulnerable to trojans. To avert some of the risks, we propose to install a role-based access control model with possible role delegation, and to describe all undesired activity flows through simple temporal formulas. We show how the latter are compiled into Orchids rules, via a fragment of linear temporal logic, through a generalization of the so-called history variable mechanism.
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Benzina, H., Goubault-Larrecq, J. (2011). Some Ideas on Virtualized System Security, and Monitors. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cavalli, A., Leneutre, J. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2010 2010. Lecture Notes in Computer Science, vol 6514. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19348-4_18
DOI: https://doi.org/10.1007/978-3-642-19348-4_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19347-7
Online ISBN: 978-3-642-19348-4