TVLAN: Trusted and Virtualised Local Area Networks

Today most desktops and laptops ship with a TPM, and virtualisation technology is being widely deployed. At the same time, we are witnessing an increasing number of zero-day attacks. Our analysis confirms that Local Area Networks are highly vulnerable to such attacks, since hosts in a LAN can communicate with each other without restriction. A single compromised host can severely degrade the services in a traditional LAN, and it is an extremely difficult task for the security administrator to determine which compromised host is generating the attack traffic. In this paper we propose techniques to enhance the security of the traditional LAN by making use of trusted computing and virtualisation technologies. Virtualisation is often regarded as a technology that enables multiple computers to run on a single server. We will show that virtualisation technology has significant benefits even if only a single virtual machine is hosted on each VMM. Our model enables the security administrator to enforce security policies on the traffic that can be placed on the LAN medium. Hence our model deals efficiently with the attack at the VMM that is hosting the compromised virtual machine. Security can be enhanced further by using TPM technology to secure the virtualised local area networks. We will also present a detailed analysis of different case scenarios showing how the proposed model can enhance the security of local area networks. There are several advantages to our model. Emerging attacks such as Conficker remain dormant in our proposed architecture in order to avoid detection. Hence our model can transform highly vulnerable traditional LANs into trust-enhanced and secure virtualised local area networks.
