Abstract
We outline ways of leveraging virtualization for enhancing system dependability and security, and describe the practical realization of some of these enhancements using the Xen open-source virtual machine monitor (VMM). Using combinatorial modeling, we perform reliability analysis of multiple design choices when a single physical server is used to host multiple virtual servers. The analysis shows that unless certain conditions (e.g., regarding the number of virtual servers) are met, virtualization could decrease the reliability of a single physical server. The analysis also shows that improving the reliability of the VMM is crucial to improving the reliability of a virtualized physical node. Motivated by this observation, we show how the enhancements we have implemented can be combined to produce a more reliable Xen VMM architecture, called R-Xen. The Xen VMM consists of a hypervisor core and a privileged virtual machine (VM) called Dom0. Dom0, being much bulkier than the hypervisor core, is the weak link for Xen reliability. Consequently, R-Xen focuses on improving the reliability of Dom0 through replication in which Dom0 replicas mutually monitor each other for intrusion and faults. R-Xen converts more severe Dom0 replica faults into fail-stop behavior, and rejuvenates a failed replica. The approach is transparent and does not require any modifications to regular Xen VMs (user domains).
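As an added illustration, not the chapter's own model (the abstract does not reproduce its equations), the following Python applies standard series/parallel combinatorial reliability to the design choices the abstract names: a plain physical node, a virtualized node whose VMs are either all required or mutually redundant, and a VMM modeled as a hypervisor core in series with one or more Dom0 replicas. All component reliabilities are constructed sample values.

```python
"""Series/parallel combinatorial reliability of a virtualized node.

Assumed model (added here, not taken from the chapter): each component
survives the mission time independently with the given probability, a
series arrangement multiplies reliabilities, and a parallel arrangement
needs only one survivor.
"""


def parallel(r: float, n: int) -> float:
    """Reliability of n independent redundant copies (at least one survives)."""
    return 1.0 - (1.0 - r) ** n


def node_non_virtualized(r_hw: float, r_os: float) -> float:
    """Plain physical node: hardware in series with one OS instance."""
    return r_hw * r_os


def vmm_reliability(r_hv: float, r_dom0: float, dom0_replicas: int = 1) -> float:
    """Xen = hypervisor core in series with Dom0; replicas > 1 models the
    R-Xen idea of redundant, mutually monitoring Dom0 instances."""
    return r_hv * parallel(r_dom0, dom0_replicas)


def node_virtualized(r_hw: float, r_vmm: float, r_os: float,
                     n_vms: int, require_all: bool) -> float:
    """Virtualized node: hardware, VMM and the guest VMs in series.

    require_all=True  -> every VM must survive (consolidated distinct services)
    require_all=False -> VMs are replicas of one service, one survivor suffices
    """
    vms = r_os ** n_vms if require_all else parallel(r_os, n_vms)
    return r_hw * r_vmm * vms


def min_replicas_to_beat_physical(r_hw: float, r_os: float, r_vmm: float,
                                  max_n: int = 64):
    """Smallest number of redundant VMs for which the virtualized node is
    more reliable than the plain node, or None if no count up to max_n
    suffices (which happens whenever r_vmm < r_os, since r_hw * r_vmm is
    the limit as n grows)."""
    target = node_non_virtualized(r_hw, r_os)
    for n in range(1, max_n + 1):
        if node_virtualized(r_hw, r_vmm, r_os, n, require_all=False) > target:
            return n
    return None


if __name__ == "__main__":
    # Sample values (constructed): Dom0 is a full OS, so it gets the OS figure.
    plain_xen = vmm_reliability(0.999, 0.9, dom0_replicas=1)   # 0.8991
    r_xen = vmm_reliability(0.999, 0.9, dom0_replicas=2)       # 0.98901
    print("plain Xen :", min_replicas_to_beat_physical(0.99, 0.9, plain_xen))
    print("R-Xen     :", min_replicas_to_beat_physical(0.99, 0.9, r_xen))
```

With these values a single Dom0 makes the VMM less reliable than the OS it replaces, so no number of redundant VMs recovers the plain node's reliability, while two Dom0 replicas let two redundant VMs beat it; consolidating distinct services that must all stay up (require_all=True) is always worse than the plain node, because every added VM is one more series element.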
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
Cite this chapter
Jansen, B., Ramasamy, H.V., Schunter, M., Tanner, A. (2008). Architecting Dependable and Secure Systems Using Virtualization. In: de Lemos, R., Di Giandomenico, F., Gacek, C., Muccini, H., Vieira, M. (eds) Architecting Dependable Systems V. Lecture Notes in Computer Science, vol 5135. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85571-2_6
DOI: https://doi.org/10.1007/978-3-540-85571-2_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85570-5
Online ISBN: 978-3-540-85571-2