Skip to main content

VMIGuard: Detecting and Preventing Service Integrity Violations by Malicious Insiders Using Virtual Machine Introspection

  • Conference paper
  • First Online:
Secure IT Systems (NordSec 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11875))

Included in the following conference series:

Abstract

Organizations often focus their IT security strategy on protecting the perimeter from outside attacks, but internal attacks can often cause the greatest damage. Version control systems are frequently used in software development, including processes for automated build and deployment. Malicious insider manipulations in a version control system can, for example, lead to a clandestine distribution of software with implanted vulnerabilities, backdoors, or other malicious functionality.

In this paper, we present VMIGuard, a solution that leverages virtual machine introspection (VMI) to detect integrity violations and prevent the propagation of unauthorized changes to a version control system caused by an insider attack. VMIGuard logs metadata about all authenticated modifications, and for each retrieval of version control system content, it verifies on-the-fly if the retrieved content matches the expected state. VMIGuard prevents the delivery of manipulated version control system content and notifies the user about integrity violations. We evaluate VMIGuard based on the open-source version control system git with several scenarios, in which it increases the response time in the worst case of the version control system server by a maximum of only 10%.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Atlassian Bitbucket: What is Git (2018). https://www.atlassian.com/git/tutorials/what-is-git. Accessed 19 July 2019

  2. Aublin, P.L., et al.: LibSEAL: revealing service integrity violations using trusted execution. In: Proceedings of the Thirteenth EuroSys Conference. ACM (2018)

    Google Scholar 

  3. Bitbucket: Bitbucket (2018). https://bitbucket.org/. Accessed 19 July 2019

  4. Elasticsearch B.V.: Open Source Search & Analytics - Elasticsearch — Elastic (2010). https://www.elastic.co/. Accessed 22 July 2019

  5. Gitea: Git with a cup of tea, painless self-hosted git service (2018). https://gitea.io/. Accessed 19 July 2019

  6. GitHub: GitHub (2018). https://github.com/. Accessed 19 July 2019

  7. GitLab: GitLab (2018). https://gitlab.com/. Accessed 19 July 2019

  8. Gogs: Gogs is a painless self-hosted Git service (2018). https://gogs.io/. Accessed 19 July 2019

  9. Jain, B., Baig, M.B., Zhang, D., Porter, D.E., Sion, R.: SoK: introspections on trust and the semantic gap. In: Proceedings of the 2014 IEEE Symposium on Security and Privacy, SP 2014, pp. 605–620. IEEE Computer Society, Washington, DC (2014). http://dx.doi.org/10.1109/SP.2014.45

  10. Lengyel, T.K.: Stealthy monitoring with Xen altp2m. https://blog.xenproject.org/2016/04/13/stealthy-monitoring-with-xen-altp2m/. Accessed 13 July 2019

  11. Payne, B.D.: Simplifying virtual machine introspection using LibVMI. Technical report SAND2012-7818, Sandia National Laboratories (2012)

    Google Scholar 

  12. Ray, I., Belyaev, K., Strizhov, M., Mulamba, D., Rajaram, M.: Secure logging as-a-service-delegating log management to the cloud. IEEE Syst. J. 7(2), 323–334 (2013)

    Article  Google Scholar 

  13. Sentanoe, S., Taubmann, B., Reiser, H.P.: Sarracenia: enhancing the performance and stealthiness of SSH honeypots using virtual machine introspection. In: Gruschka, N. (ed.) NordSec 2018. LNCS, vol. 11252, pp. 255–271. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03638-6_16

    Chapter  Google Scholar 

  14. Software Freedom Conservancy: Git -distributed-is-the-new-centralized (2005). https://git-scm.com/. Accessed 19 July 2019

  15. Taubmann, B., Alabduljaleel, O., Reiser, H.P.: DroidKex: fast extraction of ephemeral TLS keys from the memory of Android apps. Digit. Investig. 26, S67–S76 (2018)

    Article  Google Scholar 

  16. Taubmann, B., Frädrich, C., Dusold, D., Reiser, H.P.: TLSkex: harnessing virtual machine introspection for decrypting TLS communication. Digit. Investig. 16, S114–S123 (2016)

    Article  Google Scholar 

  17. Taubmann, B., Rakotondravony, N., Reiser, H.P.: CloudPhylactor: harnessing mandatory access control for virtual machine introspection in cloud data centers. In: Trustcom/BigDataSE/ISPA, 2016, pp. 957–964. IEEE (2016)

    Google Scholar 

  18. Torres-Arias, S., Ammula, A.K., Curtmola, R., Cappos, J.: On omitting commits and committing omissions: Preventing git metadata tampering that (Re)introduces software vulnerabilities. In: USENIX Security Symposium, pp. 379–395 (2016)

    Google Scholar 

  19. Zawoad, S., Dutta, A., Hasan, R.: Towards building forensics enabled cloud through secure logging-as-a-service. IEEE Trans. Dependable Secur. Comput. 1, 1 (2016)

    Google Scholar 

Download references

Acknowledgment

This work has been supported by the German Federal Ministry of Education and Research (BMBF) in the project DINGFEST-EFoVirt and German Research Foundation (DFG) in the project ARADIA.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Stewart Sentanoe .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Sentanoe, S., Taubmann, B., Reiser, H.P. (2019). VMIGuard: Detecting and Preventing Service Integrity Violations by Malicious Insiders Using Virtual Machine Introspection. In: Askarov, A., Hansen, R., Rafnsson, W. (eds) Secure IT Systems. NordSec 2019. Lecture Notes in Computer Science(), vol 11875. Springer, Cham. https://doi.org/10.1007/978-3-030-35055-0_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-35055-0_17

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-35054-3

  • Online ISBN: 978-3-030-35055-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics