Penetration Test Methodology on Information-Security Product Utilizing the Virtualization Technology
JungDae Kim (jdcom@ksel.co.kr)
ByongKi Park (bgbak@ksel.co.kr)

CONTENTS
1 Background Information
2 Vulnerability
3 Penetration Test Methods
4 Conclusions

Background Information
01 Computing Environment
Virtualization is emerging as a core technology for optimizing limited computing resources and for cloud computing environments.
02 Increasing Needs
Development of information-security products utilizing virtualization technology is increasing.
03 Expected to Increase CC Evaluation
As more information-security products are released, CC evaluation of this kind of product (information-security products utilizing virtualization technology) is expected to increase.

Background Information
01 More Attacks Against PC
A PC that is connected to the internal and external networks at the same time is increasingly a major target of attack, because a PC is easier for attackers to access than any server.
02 Damages Caused by PC's Invasion
If a PC is infected by malicious code through the external network or is exposed to an attack, the infection can lead to serious damage, such as leaking or damaging important data in the PC's organization or destroying its internal network.
03 To Avoid such Damages
To avoid such damage, we should physically separate the organization's internal network from the external network.
04 Difficulties of Physically Separating Network
However, there are many obstacles, such as high cost, energy consumption and considerable inconvenience in business.

Background Information
To solve these difficulties of physical separation, information-security products utilizing virtualization technology have been developed.
The virtualization technology physically separates the limited computing resources and provides users with a virtual host environment separated from the real host environment.
Because a virtual host environment (public domain) separated from the real host environment (work domain) is provided on the same PC, the work domain can be protected against invasion from an external network.

Vulnerability
An information-security product utilizing virtualization technology logically divides physically limited resources, operating systems and applications, and provides users with a virtual host environment separated from the real host environment.
The real host environment and the virtual host environment share the same separated computing resources; therefore, vulnerabilities may result from this resource-sharing feature.
Vulnerability of Physical Resource (CPU, Memory, Disk)
Vulnerability of OS Kernel & System File Sharing
Vulnerability of Device Driver Sharing
Vulnerability of Files & Registry System Sharing
Vulnerability of Process Sharing
Vulnerability of Network Sharing

Test of depletion of the real host environment's resources caused by monopolization of physical resources in the virtual host environment
Test of data access to the real host environment through physical dumping of storage spaces such as memory and disk in the virtual host environment
[Test Case] Monopolization of physical resource in the virtual host environment
[Test Case] Physical dumping into the storage space (disk) in the virtual host environment
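
One way an evaluator can judge the outcome of the disk-dumping test case, added here as an example and not taken from the original slides: plant a unique canary string in the work domain before the test, then scan the dump obtained in the public domain for it. The canary value, the function names and the sample dump are assumptions constructed for illustration.

```python
import os
import tempfile

# Constructed canary value; a real evaluation would use a fresh random one per run.
CANARY = b"CC-EVAL-CANARY-7f3a9c"


def find_canary(dump_path, canary=CANARY, chunk_size=1 << 20):
    """Return the byte offset of every canary occurrence in a raw dump file."""
    offsets = []
    keep = len(canary) - 1   # bytes carried over so boundary-straddling hits are seen
    tail = b""
    base = 0                 # file offset of the first byte of `tail + chunk`
    with open(dump_path, "rb") as f:
        while chunk := f.read(chunk_size):
            window = tail + chunk
            pos = window.find(canary)
            while pos != -1:
                offsets.append(base + pos)
                pos = window.find(canary, pos + 1)
            tail = window[-keep:] if keep else b""
            base += len(window) - len(tail)
    return offsets


def isolation_verdict(dump_path, canary=CANARY):
    """FAIL if work-domain data (the canary) is readable in the dump, else PASS."""
    hits = find_canary(dump_path, canary)
    return ("FAIL", hits) if hits else ("PASS", [])


def make_sample_dump(with_canary):
    """Write a small constructed 'dump' to a temp file and return its path."""
    body = b"\x00" * 10 + (CANARY if with_canary else b"") + b"\xff" * 100
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(body)
    return path


if __name__ == "__main__":
    for leaked in (True, False):
        path = make_sample_dump(leaked)
        print(isolation_verdict(path))
        os.remove(path)
```

The recorded offsets give the evaluator a reproducible location in the dump to cite as evidence that the work domain was readable from the public domain.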
Operating system invasion test in the real host environment through modification of the operating system kernel and system files
Test of monitoring the input & output of the real host environment's devices in the virtual host environment
Test of accessing the storage & communication media connected to the real host environment from the virtual host environment
[Test Case] Test of monitoring the input & output of the real host environment's device (keyboard)
Test of monitoring the input & output states of the real host environment's files in the virtual host environment
[Test Case] Test of monitoring the input & output states of the real host environment's files in the virtual host environment
Process penetration test on the real host environment through DLL injection attacks in the virtual host environment
[Test Case] Process penetration test on the real host environment through DLL injection attacks in the virtual host environment
Test of sniffing network packets of the real host environment in the virtual host environment
Test of accessing the real host environment by using information on the real host environment in the virtual host environment
[Test Case] Test of sniffing network packets of the real host environment in the virtual host environment
[Test Case] Test of accessing the real host environment by using information on the real host environment in the virtual host environment
Modification test on the MBR & kernel memory in the virtual host environment
Test of penetration into the real host environment by using backdoors, malware, and malicious code in the virtual host environment
[Test Case] Penetration Test Using the IRC Server.

Conclusions
This paper described the vulnerabilities to be considered in virtualization technology and the penetration test methods for the corresponding vulnerabilities
Dividing and controlling between the virtual host environment and the real host environment are correctly performed
Much research and testing should be performed to discover the potential vulnerabilities caused by sharing the computing resources