
Virtualization Technologies & Information Security
Wednesday, January 11, 2006


Information security, considered a hot topic in both commercial and academic communities, figures prominently in how virtualization technologies will develop in the future. New challenges and new opportunities will arise from the ability to develop automation, create intelligence, and provide ubiquitous awareness of security throughout the virtualization infrastructure. In November 2005, VMware issued a call for presentations related to information security relevant to the virtualization space. Abstracts and links to the selected presentations are below.


Selected Presentation Abstracts

Better Security with Virtual Machines - Kapil Raina and Mike Chen, VMware

Although virtual machines work just like real machines, the technology has generated more benefits than physical machines. VMware's virtual infrastructure already provides security benefits such as strong isolation, encouraging best security practice and the ability to back out corruption of systems/data. We envision that future virtual machines will become more autonomic and intelligent in their security architecture. This talk is aimed at identifying those technologies that would harden security and enhance trust in virtual machines.


Performance Implications of Anti-Virus Execution on a Virtual Platform - Derek Uluski, Micha Moffie, and David Kaeli, Northeastern University

Despite the pervasive use of anti-virus (AV) software, there has not been a systematic study of the characteristics of the execution of this workload. In the first part of this talk we present a characterization of four commonly used anti-virus software packages. Using the Virtutech Simics toolset, we profile the behavior of four popular anti-virus packages as run on an Intel Pentium IV platform running Microsoft Windows XP.

In the second part of this talk, we debate how to most effectively integrate AV execution into a virtualization layer. The goal will be to minimize the overhead associated with AV execution by running a single copy of on-access scanning. By running the AV application natively, the overhead associated with scanning should be reduced.


Automated Defense from Rootkit Attacks - Arati Baliga, Liviu Iftode, and Xiaoxin (Mike) Chen, Rutgers University/VMware

Rootkit attacks are a growing threat to today's computer systems. Once installed on a system, rootkits hide a compromised system from being detected, by making modifications to the kernel or overwriting important system binaries. Rootkits are typically equipped with keyloggers, log erasers and other malware that allow the attacker to spy on the remote system. Such an attack is extremely hard to detect and recover from in the absence of appropriate tools, as the kernel itself may be compromised.

Viruses and worms use rootkits to evade detection from anti-virus/worm detection software. In this talk, we present Paladin, a framework that automatically contains the effects of rootkit attacks in a virtualized environment. We have developed a prototype for a Linux virtual machine using VMware Workstation to illustrate the concept. We discuss how Paladin can be extended to perform automated fingerprinting of the attacks by tracking simple changes to the filesystem.



Speaker Biographies

Arati Baliga is a Ph.D. student in the Computer Science Department at Rutgers University. She is a member of the Laboratory of Network Centric Computing (DISCO Lab). Her research interests include operating systems, distributed systems, security and reliability.

Xiaoxin (Mike) Chen is a staff member of research and development at VMware, Inc. He has worked on virtual machine monitor, resource management and security. He is interested in security and virtualization research.

Liviu Iftode is an Associate Professor of Computer Science at Rutgers University. He received his Ph.D. from Princeton University in 1998. He heads the Laboratory of Network Centric Computing (DISCO Lab) at Rutgers. His research interests lie in operating systems, distributed systems, networking and pervasive computing.

David Kaeli received a BS and PhD in Electrical Engineering from Rutgers University, and an MS in Computer Engineering from Syracuse University. He is presently a Full Professor on the ECE faculty at Northeastern University where he directs the Northeastern University Computer Architecture Research Laboratory (NUCAR). Prior to joining Northeastern in 1993, Kaeli spent 12 years at IBM, the last 7 at T.J. Watson Research Center, Yorktown Heights, NY.

Micha Moffie is a PhD candidate in the Electrical and Computer Engineering Department at Northeastern University. His research interests are computer security, computer architecture and computer micro-architecture. Micha received his MSc from the Computer Science department at the Technion in Israel.

Kapil Raina is a Senior Product Manager for Security at VMware and is a recognized industry expert on information security. Mr. Raina has authored or contributed to several books in the field including "mCommerce Security" (McGrawHill), "PKI Security Solutions" (Wiley), and "Biometrics" (McGrawHill). Mr. Raina has presented at leading industry conferences such as InfoSec and NetSec conferences and to leading universities such as UC Berkeley's Haas Business School and Stanford's Graduate School of Business. Prior to joining VMware, Mr. Raina held key positions in leading security companies such as VeriSign, Inc. and International Network Services and served on various technical and business advisory boards for companies worldwide.

Derek Uluski is an MS candidate in the Electrical and Computer Engineering Department at Northeastern University. His research interests include security and virtual machine design. In 2004, Derek received his BS in Computer Engineering from Northeastern University. During the summer of 2005, Derek worked at VMware.