[MA] Verification of information security protection objectives through virtual machine recording and replay.

  • Name:

    [MA] Überprüfung von Schutzzielen der Informationssicherheit durch Aufzeichnung und Wiedergabe virtueller Maschinen

  • Venue:

    Hybrid: Geb. 50.34, Raum 252 oder https://i62bbb.tm.kit.edu/b/mic-7xx-rfr

  • Date:

    2022-08-30

  • Author:

    Marco Liebel

  • Time:

    15:45

  • https://publikationen.bibliothek.kit.edu/1000149965

    As digitalization continues to advance, more and more communication is taking place via computer networks.
    It is important that these data transfers are secure.
    Especially when sensitive data is transferred, such as bank data or company secrets.
    Therefore, appropriate procedures must be used to secure the data transfers.
    One method of securing data transfers is to use the record/replay functionality of virtual machines to detect attackers.
    This involves recording a virtual machine and replaying it in parallel, with little time delay.
    By comparing outgoing network packets, corrupted systems are detected while this system is running.
    The goal of this work is to realize such a system based on the open source software QEMU.
    For this, in addition to extensions to QEMU, extensions to the Linux kernel had to be made.
    This is also open source software, which is used within the virtual machines.
    In combination with further software written especially for this work, a structure could be created that enables a check of the security goals Integrity and Confidentiality.
    This was used to establish an SSH connection to a server, which was first recorded and then successfully replayed.
    The prototypical setup shows that an implementation is not only possible, but also suitable for use in non-trivial tasks, using cryptographic methods.