Outline. Introduction. State-of-the-art Forensic Methods. Hardware-based Workload Forensics. Experimental Results. Summary. OS level Hypervisor level
- Austin Sanders
- 8 years ago
Transcription
1 Outline
- Introduction
- State-of-the-art Forensic Methods
  - OS level
  - Hypervisor level
- Hardware-based Workload Forensics
  - Process Reconstruction
- Experimental Results
  - Setup
  - Result & Overhead
- Summary
2 Introduction
Motivation
- Vast amount of sensitive information is stored, processed and communicated in electronic form
- Intensified malicious efforts → unauthorized access
- Retroactive investigation needed
Workload Forensics
- Collect data related to past execution of computer programs
- Analyze data to understand and/or reconstruct corresponding events
4 OS-level Forensic Methods
Forensic module resides at the same level as applications/OS kernel
- Signature comparison
  - Memory image
  - Commercial products (e.g. EnCase, FTK, etc.)
- Program behavior modeling
  - System call pattern
  - Involves machine learning/statistics
[Diagram: OS with applications and the forensics application]
While OS-level forensic methods benefit from semantic-rich information, they are vulnerable to software attacks at the same level!
C. Kolbitsch, et al. Effective and efficient malware detection at the end, USENIX,
5 Hypervisor-level Forensic Methods
Forensic module resides at hypervisor level
- Hypervisor
  - Virtualization for OS
  - Isolated management core provides better security
- Bridge semantic gap
  - Process → dedicated address space & page table
  - Page table base address (CR3 in x86) → process
- Similar methods as at OS level can be performed
[Diagram: hypervisor, guest OSes and the forensics module]
Hypervisor-level forensic methods are immune to OS-level attacks. Unfortunately, the hypervisor itself can be the attack surface!
*D. Perez-Botero et al. Characterizing hypervisor vulnerabilities in cloud computing servers, SCC,
7 Why Hardware-based Forensics?
[Diagram: user environment and analysis environment; labels: software, analysis module, hardware, data bus, logging module, Upload, Download]
A logging module at hardware level is expected to be immune to software-based tampering!
8 Process Reconstruction Challenge
Three main questions:
- Data in HW → I.D.?
- Data in HW → behavior?
- Analysis in SW → distinguish different processes?
[Diagram label: process]
9 Logging Module: Logging Object
- CR3 value: identifier of the process
- User-space instruction raising iTLB miss: behavior of the process
[Diagram: program phases in two orders: Phase 1, Phase 2, Phase 3 and Phase 2, Phase 3, Phase 1]
Why TLB profile?
- CR3 change → TLB flush
- Accurate association between TLB events and CR3 value
- Mitigation of the effect of different program execution order
T. Sherwood et al. Discovering and exploiting program phases, IEEE Micro,
10-13 Logging Module: Feature Extraction
[Diagram: under each CR3 value, the logged instructions are grouped into partitions (Instruction 1, Instruction 2, ..., Instruction 100)]
Update feature vector for each partition:
- Operator counters (6-class operators)
  1) Data manipulation operator
  2) Stack manipulation operator
  3) Arithmetic/logic calculation
  4) Control flow operation
  5) I/O operation
  6) Floating point operation
- Operand counters (12-class operands)
  1-8) General purpose registers
  9) Memory reference
  10) XMM registers/floating point stack
  11) All segment registers
  12) Immediate value
Final feature vector list attached to this CR3: F.V. 1, F.V. 2, ..., F.V. end
14-17 Analysis Module
[Diagram: processes produce feature vector samples (Sample 1 to Sample 4, each with Feature 1, Feature 2, Feature ...), which form the feature matrix fed to the analysis module]
- Unseen process or seen process? (Prob. estimates)
- Process 1, process 2, ..., process n?
- Methods: Support Vector Machine (SVM), k-nearest neighbors (kNN)
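The per-CR3 partitioning and 18-counter feature vector of slides 10-13, followed by a kNN vote as named on slide 17, as an added Python sketch (not code from the slides or their authors). The mnemonic-to-class table, the operand parsing rules, the CR3 values, the instruction mixes and the choice to drop an incomplete trailing partition are all assumptions made for illustration.

```python
import math
import re
from collections import Counter, defaultdict
from itertools import cycle, islice

PARTITION_SIZE = 100  # instructions per partition, as drawn on the slides

# Counter indices 0-5: the six operator classes, in slide order.
# Which mnemonics belong to each class is an assumption of this example.
OPERATOR_CLASS = {}
for _idx, _names in enumerate([
    "mov lea xchg movzx movsx",                          # data manipulation
    "push pop pusha popa",                               # stack manipulation
    "add sub imul and or xor cmp test shl shr inc dec",  # arithmetic/logic
    "jmp call ret je jne jl jg loop",                    # control flow
    "in out ins outs",                                   # I/O
    "fld fstp fadd fmul addsd mulsd",                    # floating point
]):
    for _name in _names.split():
        OPERATOR_CLASS[_name] = _idx

# Counter indices 6-13: the eight general purpose registers (operand classes 1-8).
# Folding sub-registers (al, ax, ...) into their 32-bit parent is an assumption.
GPR_INDEX = {r: 6 + i for i, r in enumerate(
    ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"])}
for _l in "acdb":
    for _sub in (_l + "l", _l + "h", _l + "x"):
        GPR_INDEX[_sub] = GPR_INDEX["e" + _l + "x"]
for _r in ("sp", "bp", "si", "di"):
    GPR_INDEX[_r] = GPR_INDEX["e" + _r]
MEM, FPREG, SEGREG, IMM = 14, 15, 16, 17  # operand classes 9-12


def operand_class(op):
    """Map one operand string to its counter index, or None if unrecognised."""
    op = op.strip().lower()
    if "[" in op:                      # any memory reference counts once (assumption)
        return MEM
    if re.fullmatch(r"xmm[0-7]|st(\(\d\)|\d)?", op):
        return FPREG
    if op in ("cs", "ds", "es", "fs", "gs", "ss"):
        return SEGREG
    if re.fullmatch(r"-?(0x[0-9a-f]+|\d+)", op):
        return IMM
    return GPR_INDEX.get(op)


def count_instruction(vec, asm):
    """Update the 18 counters of the open partition with one instruction."""
    mnemonic, _, rest = asm.strip().partition(" ")
    cls = OPERATOR_CLASS.get(mnemonic.lower())
    if cls is not None:
        vec[cls] += 1
    for op in filter(None, rest.split(",")):
        idx = operand_class(op)
        if idx is not None:
            vec[idx] += 1


def extract_features(trace, partition_size=PARTITION_SIZE):
    """trace: iterable of (cr3, instruction). Returns {cr3: [feature vectors]}."""
    open_vec = defaultdict(lambda: [0] * 18)
    filled = Counter()
    done = defaultdict(list)
    for cr3, asm in trace:
        count_instruction(open_vec[cr3], asm)
        filled[cr3] += 1
        if filled[cr3] == partition_size:   # partition complete: emit and reset
            done[cr3].append(open_vec.pop(cr3))
            filled[cr3] = 0
    return dict(done)                       # incomplete partitions are dropped


def knn_classify(vec, labelled, k=3):
    """Majority label among the k nearest (Euclidean) labelled vectors."""
    nearest = sorted(labelled, key=lambda lv: math.dist(vec, lv[1]))[:k]
    return Counter(label for label, _ in nearest).most_common(1)[0][0]


# Constructed instruction mixes standing in for two workloads.
INT_LOOP = ["mov eax, [esi]", "add eax, 4", "cmp eax, ebx",
            "jne 0x8048400", "push eax", "pop ecx"]
FP_LOOP = ["fld [esi]", "fmul st1", "fstp [edi]", "add esi, 8", "loop 0x8048500"]


def synthetic_trace(cr3, pattern, n, offset=0):
    return [(cr3, asm) for asm in islice(cycle(pattern), offset, offset + n)]


def interleave(a, b, chunk=37):
    """Mimic context switches: alternate chunks of two processes' records."""
    out = []
    for i in range(0, max(len(a), len(b)), chunk):
        out += a[i:i + chunk] + b[i:i + chunk]
    return out


def demo():
    train = interleave(synthetic_trace(0x1A2B000, INT_LOOP, 300),
                       synthetic_trace(0x3C4D000, FP_LOOP, 300))
    features = extract_features(train)
    labels = {0x1A2B000: "int_loop", 0x3C4D000: "fp_loop"}
    labelled = [(labels[c], v) for c, vs in features.items() for v in vs]
    # A later run gets a different CR3, so it is matched on behaviour alone.
    unknown = extract_features(synthetic_trace(0x5E6F000, FP_LOOP, 100, offset=2))
    return features, knn_classify(unknown[0x5E6F000][0], labelled)


if __name__ == "__main__":
    print(demo())
```

Because records are keyed by CR3, interleaving the two processes does not mix their counters; each process still yields its own list of feature vectors.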
19 Experimental Setup
- Simulator: Simics 4.86
- Target platform: 32-bit x86 with single Intel Pentium 4 core, 2 GHz; 4 GB RAM
- Simulated operating system (OS): minimum installation Ubuntu server (Linux 2.6 kernel)
- Workload benchmark: MiBench; 50% training, 50% validation
- Analysis software: Matlab
20-21 Results: Outlier Detection
[Bar chart: Outlier Detection Accuracy, 0% to 14%; FP rate and FN rate for test 1 to test 4 and the average]
- FP: seen process classified as unseen
- FN: unseen process classified as seen
Average FP rate: 12.31%; average FN rate: 5.13%
22-24 Results: Workload Classification
[Bar chart: Classification Accuracy, 0% to 100%, for kNN and SVM per benchmark]
- Average classification accuracy: 96.97% for kNN and 96.93% for SVM
- Classification accuracy for some classes reaches 100%
- rawcaudio (ADPCM encoding algorithm) and rawdaudio (decoding algorithm) → reduced classification efficiency due to similarity
25-26 Logging Overhead
Steps to compute logging overhead:
- Feature vector size = 18 log 5 partition size
- Partition generation rate = iTLB miss rate / partition size
- Bits per instruction = feature vector size × partition generation rate
- Estimated logging rate (bits/second) = bits per instruction × clock frequency / CPI (assumed = 1)
[Diagram: one partition (Instruction 1, Instruction 2, ..., Instruction 100)]
Computation result:
- Average iTLB miss rate for user-space instructions is %
- This leads to an estimated logging rate of only 5.17 KB/s
28 Summary
Contributions
- First hardware-based method for workload forensics analysis
- Addresses the weakness of OS-level/hypervisor-level methods
- Demonstrates process reconstruction feasibility via TLB profiling
Implementation
- Complete hardware-to-software logging-analysis flow
Results
- High workload-classification accuracy
- Low logging overhead
Future Work
- Investigate information theoretic content of other features
- Experiment with more advanced machine learning models
More informationInternational Journal of Computer & Organization Trends Volume20 Number1 May 2015
Performance Analysis of Various Guest Operating Systems on Ubuntu 14.04 Prof. (Dr.) Viabhakar Pathak 1, Pramod Kumar Ram 2 1 Computer Science and Engineering, Arya College of Engineering, Jaipur, India.
More informationWeek Overview. Installing Linux Linux on your Desktop Virtualization Basic Linux system administration
ULI101 Week 06b Week Overview Installing Linux Linux on your Desktop Virtualization Basic Linux system administration Installing Linux Standalone installation Linux is the only OS on the computer Any existing
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More informationTopic 5a Operating System Fundamentals
Topic 5a Operating System Fundamentals What is an operating system? a computer is comprised of various types of software device drivers (storage, I/O, etc.) process and control software memory management
More informationVirtual Desktops Security Test Report
Virtual Desktops Security Test Report A test commissioned by Kaspersky Lab and performed by AV-TEST GmbH Date of the report: May 19 th, 214 Executive Summary AV-TEST performed a comparative review (January
More informationPerformance monitoring at CERN openlab. July 20 th 2012 Andrzej Nowak, CERN openlab
Performance monitoring at CERN openlab July 20 th 2012 Andrzej Nowak, CERN openlab Data flow Reconstruction Selection and reconstruction Online triggering and filtering in detectors Raw Data (100%) Event
More informationAbstract. 1. Introduction. 2. Threat Model
Beyond Ring-3: Fine Grained Application Sandboxing Ravi Sahita (ravi.sahita@intel.com), Divya Kolar (divya.kolar@intel.com) Communication Technology Lab. Intel Corporation Abstract In the recent years
More informationOVA KVM THE SOLUTION. Virtually Unmatched. Get to know KVM. Low cost, super secure and infinitely scalable. JOIN WHAT IS GET SECURITY LOW COST
OVERVIEW SCALABILITY SECURITY LOW COST WHAT WE DO WHAT IS THE SOLUTION JOIN OVA OUR MISSION JOIN US OPEN SOURCE OVIRT USE CASES MEMBERS GET LINUX HYPERVISOR Virtually Unmatched. Get to know. Low cost,
More information<Insert Picture Here> Introducing Oracle VM: Oracle s Virtualization Product Strategy
Introducing Oracle VM: Oracle s Virtualization Product Strategy SAFE HARBOR STATEMENT The following is intended to outline our general product direction. It is intended for information
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationCloud Security. Securing what you can t touch. Presentation to Malaysia Government Cloud Computing Forum 2012-04-05 HUAWEI TECHNOLOGIES CO., LTD.
2012-04-05 Cloud Security Securing what you can t touch www.huawei.com www.huawei.com Presentation to Malaysia Government Cloud Computing Forum HUAWEI TECHNOLOGIES CO., LTD. Why worry about cloud security?
More information