Intrusion Injection for Virtualized Systems: Concepts and Approach

Abstract

Virtualization is drawing attention due to countless benefits, leaving Hypervisors with the paramount responsibility for performance, dependability, and security. However, while there are consolidated approaches to assessing the performance and dependability of virtualized systems, solutions to assess security are very limited. Key difficulties are evaluating the system in the presence of unknown attacks and vulnerabilities and comparing the security attributes of different systems and configurations when an intrusion occurs. In this paper, we propose a novel concept and approach of intrusion injection for virtualized environments, which consists of directly driving the system into the erroneous states that mimic the ones resulting from actual intrusions (in the same way errors are injected to mimic the effects of residual faults). We present a prototype capable of injecting erroneous states related to memory-corruption in the Xen Hypervisor to show that the concept and approach proposed here are feasible. The prototype is evaluated using publicly disclosed exploits across three different versions of Xen. Results show that our tool can inject erroneous states equivalent to those resulting from attacks that exploit existing vulnerabilities, even on versions where those vulnerabilities do not exist.