Project Website – ECS 235 Fall 05

 

Ensuring the Integrity of VM Operations

Jason Li (jsnli AT ucdavis DOT edu)

 

Proposal Abstract:

            Virtual Machines (VMs), once a popular topic in the 1960s, are beginning to see a renewed interest as they seem promising in providing the much-needed security guarantees of present day for computing.  However, VMs themselves are not panaceas to security issues, and while they solve many difficult (or otherwise seemingly impossible) problems, they introduce unique ones of their own.  For example, the idea of VMI (VM IDS) proposed by Garfinkel is useful, but has a drawback in that it requires specific knowledge of the guest OS state from outside of the VM [1].  The importance of this is to show that VMIs are not immune to the “visibility-resilience” tradeoff that classical IDS paradigms such as HIDS and NIDS deal with.

            In this project, we discuss the problem of ensuring integrity for operations commonly preformed on VMs or VMMs, such as copying data to or from a VM or detecting when a guest OS has been compromised.  These kinds of problems are important factors to consider when designing IDSes for VMMs, but unfortunately not sufficiently secure in current VM environments, as many of them favor usability over secure implementation.  In our discussion, we will explore analogous “classical” paradigms to give a better understanding of these issues.  Finally, we will present some approaches in order to resolve them.

 

Schedule:

Sunday, 11/4                           Oakland Conf. – extended abstract due

Friday, 11/18                          Midterm Report Due

Thursday, 12/8                        Poster Session

Thursday, 12/15                      Project Report Due

 

 

[1]        Tal Garfinkel and Mendel Rosenblum. A virtual machine introspection based architecture for intrusion detection. Proceedings of the Network and Distributed Systems Security Symposium (NDSS ’03), February 2003.