Vulnerability Analysis using Network Timestamps in Full Virtualization Virtual Machine

M. Noorafiza, H. Maeda, R. Uda, T. Kinoshita, M. Shiratori

2015

Abstract

Virtualization is the main underlying technology for cloud computing, whose popularity has expanded rapidly over the past few years. Like any new technology, cloud computing carries possible vulnerabilities and potential security risks. It is therefore important to study and understand the underlying technologies in cloud computing and to test any possible loophole that may give an advantage to malware and attackers. The virtual machine (VM) is one of the basic components of cloud computing. A VM is itself a program that executes multiple operating systems on one physical machine. Because of the complexity of the VM, together with the complex configuration of the network environment and physical machine technology involved in implementing a VM environment, vulnerabilities in the environment may occur. One example is the ability of malware to detect whether or not the environment it is attacking is a VM. Through this detection, the malware or attackers may hide their malicious program, since VMs are commonly used as defensive systems for malware detection, such as honeypots. In this paper, we present a remote detection technique for VMs that uses the IP timestamp option in full virtualization, which could be used to detect a VM environment and thus contributes to VM vulnerability. The technique was evaluated by examining and analysing the characteristics of IP packet timestamp replies from VMs and real machines. This research finding could serve as new knowledge for further studies on how to provide comprehensive protection from VM vulnerability. This research could also help formulate more effective security improvements that could lead to better security policy for VM technology.



Paper Citation


in Harvard Style

Noorafiza M., Maeda H., Uda R., Kinoshita T. and Shiratori M. (2015). Vulnerability Analysis using Network Timestamps in Full Virtualization Virtual Machine. In Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-081-9, pages 83-89. DOI: 10.5220/0005242000830089


in Bibtex Style

@conference{icissp15,
author={M. Noorafiza and H. Maeda and R. Uda and T. Kinoshita and M. Shiratori},
title={Vulnerability Analysis using Network Timestamps in Full Virtualization Virtual Machine},
booktitle={Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2015},
pages={83-89},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005242000830089},
isbn={978-989-758-081-9},
}

