On covert channels between virtual machines

Virtualization technology has become very popular because of better hardware utilization and easy maintenance. However, it also opens up chances for information leakage and several possible covert channels for information flow between virtual machines. Our work focuses on an experimental study of security threats in virtualization, especially those due to covert channels and other forms of information leakage. The existence of data leakage during migration, shutdown and destruction of virtual machines is tested on different hypervisors. To empirically show the possibility of covert channels between virtual machines, three new network-based covert channels are hypothesized and demonstrated through implementation on different hypervisors. One of the hypothesized covert channels is a TCP/IP steganography-based covert channel; the others are a timing covert channel and a new network covert channel built from two pairs of socket programs. We propose a VMM (Virtual Machine Monitor) based network covert channel avoidance mechanism that tackles the problem of detection-resistant covert channels. We also address the issue of reducing the possibilities of network-based covert channels using VMM-level firewalls. To emphasize the importance of addressing information leakage through virtual machines, we illustrate the simplicity of launching network covert channel based attacks by demonstrating, through implementation, an attack on a virtual machine using covert channels.
