On covert channels between virtual machines

  • Original Paper
  • Journal in Computer Virology

Abstract

Virtualization technology has become very popular because of better hardware utilization and easier maintenance. However, it also opens the possibility of information leakage, including several covert channels for information flow between virtual machines. Our work is an experimental study of security threats in virtualization, with a focus on covert channels and other forms of information leakage. The existence of data leakage during migration, shutdown and destruction of virtual machines is tested on different hypervisors. To empirically show the possibility of covert channels between virtual machines, three new network-based covert channels are hypothesized and demonstrated through implementation on different hypervisors. One of the hypothesized covert channels is based on TCP/IP steganography; the others are a timing covert channel and a new network covert channel built from two pairs of socket programs. We propose a VMM (Virtual Machine Monitor) based network covert channel avoidance mechanism that tackles detection-resistant covert channels. We also address the issue of reducing the possibilities of network-based covert channels using VMM-level firewalls. To emphasize the importance of addressing information leakage through virtual machines, we illustrate the simplicity of launching network covert channel based attacks by demonstrating, through implementation, an attack on a virtual machine using covert channels.
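The abstract names a timing covert channel between virtual machines as one of the three channels it demonstrates, and proposes VMM-level countermeasures. The following is an added example, not code from the paper or its authors, showing the kind of check a hypervisor-side monitor could run over per-VM packet timestamps to flag such a channel: a two-symbol timing channel encodes bits as two distinct inter-packet delays, so its inter-arrival times collapse into two dominant modes, whereas ordinary traffic spreads across many. The function names, the 10 ms bin width, the 0.9 dominance threshold, the two delay values and the synthetic traces are all assumptions made for the example.

```python
import random
from collections import Counter


def interarrival_times(timestamps):
    """Differences between consecutive packet timestamps (seconds)."""
    return [later - earlier for earlier, later in zip(timestamps, timestamps[1:])]


def dominant_mode_fraction(deltas, bin_width=0.01):
    """Fraction of inter-arrival times that land in the two most populous
    bins of width bin_width. A two-symbol timing channel pushes this
    towards 1.0; ordinary traffic spreads over many bins."""
    if not deltas:
        return 0.0
    bins = Counter(round(delta / bin_width) for delta in deltas)
    top_two = sum(count for _, count in bins.most_common(2))
    return top_two / len(deltas)


def looks_like_timing_channel(timestamps, threshold=0.9, bin_width=0.01, min_packets=32):
    """Heuristic detector (assumed thresholds): flag a flow whose inter-arrival
    times are almost entirely concentrated in two narrow bins."""
    deltas = interarrival_times(timestamps)
    if len(deltas) < min_packets:
        return False  # too few samples to judge
    return dominant_mode_fraction(deltas, bin_width) >= threshold


# --- constructed sample data for the detector (not captured traffic) ---

def make_channel_trace(bits, zero_delay=0.05, one_delay=0.15, jitter=0.002, seed=1):
    """Simulated two-symbol timing channel: each bit selects one of two
    delays, plus small scheduling jitter. Used only to exercise the detector."""
    rng = random.Random(seed)
    t = 0.0
    timestamps = [t]
    for bit in bits:
        t += (one_delay if bit else zero_delay) + rng.uniform(-jitter, jitter)
        timestamps.append(t)
    return timestamps


def make_normal_trace(packet_count, mean_delay=0.1, seed=2):
    """Simulated benign flow with exponentially distributed gaps."""
    rng = random.Random(seed)
    t = 0.0
    timestamps = [t]
    for _ in range(packet_count):
        t += rng.expovariate(1.0 / mean_delay)
        timestamps.append(t)
    return timestamps


if __name__ == "__main__":
    payload_bits = [int(c) for c in "0110100110" * 8]
    for label, trace in (("channel", make_channel_trace(payload_bits)),
                         ("normal", make_normal_trace(80))):
        frac = dominant_mode_fraction(interarrival_times(trace))
        print(f"{label}: two-mode fraction={frac:.2f} "
              f"flagged={looks_like_timing_channel(trace)}")
```

The check is deliberately crude: it catches only channels that use a small alphabet of fixed delays, and a sender that spreads its symbols over many delay values, or mimics the benign distribution, will not trip it. It is best read as a starting point for the per-VM traffic monitoring a VMM-level mechanism could perform, alongside firewall rules that limit which guests may talk to each other at all.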



Author information

Correspondence to P. Ranjith.

Cite this article

Ranjith, P., Priya, C. & Shalini, K. On covert channels between virtual machines. J Comput Virol 8, 85–97 (2012). https://doi.org/10.1007/s11416-012-0168-x
