Poster: CloudSkulk: Design of a Nested Virtual Machine-based RITM Attack

Authors

  • Joseph Connelly
  • Haining Wang
  • Jidong Xiao
Abstract

When attackers have compromised a system and hold some degree of control over the victim system, retaining that control and avoiding detection becomes their top priority. To achieve this goal, various rootkits have been proposed. However, existing rootkits remain detectable as long as defenders can gain control at a lower level, such as the operating system level, the hypervisor level, or the hardware level. In this project, we present a new type of rootkit called CloudSkulk, a nested virtual machine based rootkit. By impersonating the original hypervisor when communicating with the original guest OS, and impersonating the original guest OS when communicating with the hypervisor, CloudSkulk is hard to detect regardless of whether defenders sit at the higher level (e.g., in the original guest OS) or at the lower level (e.g., in the original hypervisor).


Similar sources

The Turtles Project: Design and Implementation of Nested Virtualization

In classical machine virtualization, a hypervisor runs multiple operating systems simultaneously, each on its own virtual machine. In nested virtualization, a hypervisor can run multiple other hypervisors with their associated virtual machines. As operating systems gain hypervisor functionality—Microsoft Windows 7 already runs Windows XP in a virtual machine—nested virtualization will become ne...


An Effective Attack-Resilient Kalman Filter-Based Approach for Dynamic State Estimation of Synchronous Machine

Kalman filtering has been widely considered for dynamic state estimation in smart grids. Despite its unique merits, the Kalman Filter (KF)-based dynamic state estimation can be undesirably influenced by cyber adversarial attacks that can potentially be launched against the communication links in the Cyber-Physical System (CPS). To enhance the security of KF-based state estimation, in this paper...


Assessment Methodology for Anomaly-Based Intrusion Detection in Cloud Computing

Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permit multiple users to utilize the same physical resource, thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in the cloud...


Mobile Cloud Computing Network Attack and Defense Learning System Based on Fuzzy Soft Sets

In this paper, we propose a new decision-making system ranking method for the virtual machine startup problems by introducing the concept of fuzzy soft sets. Then this method is used for virtual machine management by AMCCM way. It turns the management of a network attack and defense learning system from semi-automatic to fully automatic. Based on the functional and structural design of mobile c...


Hypervisor-based Security Architecture for Validating DNS Services (Poster)

Domain Name System (DNS) is one of the critical services in the current Internet infrastructure. However, DNS is vulnerable to a range of attacks. One of the fundamental weaknesses of the existing DNS protocols is that the request and response messages are transmitted on the network as plain text. This paper addresses important threats related to the Domain Name System (DNS) using a hypervisor base...


Publication date: 2017