Hypervisor-based Security Architecture for Validating DNS Services (Poster)

Domain Name System (DNS) is one of the critical services in the current Internet infrastructure. However DNS is vulnerable to a range of attacks. One of the fundamental weaknesses with the existing DNS protocols is that the request and response messages are transmitted on the network as plain text. This paper addresses important threats related to Doman Name System (DNS) using a hypervisor based security architecture. The proposed architecture leverages the hypervisor visibility of the virtual machines’ traffic flows to monitor and utilise Virtual Machine Introspection (VMI) techniques to inspect and restore data. It also uses inbuilt snapshot/restore capabilities of the hypervisor to completely restore virtual machines if required. Objective of the proposed architecture is not to actively prevent attacks, but provide a means of identifying different attacks by passively monitoring DNS related conversations coming in and out of virtualised system hosting the DNS. Our model can alert the external monitoring agent(s) or security administrator and actively restore the system if the attack has already compromised the DNS. .