
Some Ideas on Virtualized System Security, and Monitors

Conference paper, in: Data Privacy Management and Autonomous Spontaneous Security (DPM 2010, SETOP 2010)

Abstract

Virtualized systems such as Xen, VirtualBox, VMWare or QEmu have been proposed to increase the level of security achievable on personal computers. On the other hand, such virtualized systems are now targets for attacks. We propose an intrusion detection architecture for virtualized systems, and discuss some of the security issues that arise. We argue that a weak spot of such systems is domain zero administration, which is left entirely under the administrator’s responsibility, and is in particular vulnerable to trojans. To avert some of the risks, we propose to install a role-based access control model with possible role delegation, and to describe all undesired activity flows through simple temporal formulas. We show how the latter are compiled into Orchids rules, via a fragment of linear temporal logic, through a generalization of the so-called history variable mechanism.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

Cite this paper

Benzina, H., Goubault-Larrecq, J. (2011). Some Ideas on Virtualized System Security, and Monitors. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cavalli, A., Leneutre, J. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM 2010, SETOP 2010. Lecture Notes in Computer Science, vol 6514. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19348-4_18


  • DOI: https://doi.org/10.1007/978-3-642-19348-4_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19347-7

  • Online ISBN: 978-3-642-19348-4
