Successfully reported this slideshow.

NSS 2013: Towards Hybrid Honeynets via Virtual Machine Introspection and Cloning

1

Share

Oct. 26, 2014
1 like 2,788 views
Upcoming SlideShare
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Virtual Machine Introspection in a Hyberid Honeypot Architecture
Loading in …3
×
1 of 13
1 of 13

NSS 2013: Towards Hybrid Honeynets via Virtual Machine Introspection and Cloning

Oct. 26, 2014
1 like 2,788 views

1

Share

Download to read offline

Engineering

Network and System Security 2013

Network and System Security 2013

Engineering

Recommended

More Related Content

Viewers also liked

Vulnerabilities assessment of windows hyper
Bank Alfalah Limited
Linux Kernel Security: Adapting 1960s Technology to Meet 21st Century Threats
James Morris
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat Security Conference
Exploits
Tylor Shellenberger
Have You Driven an SELinux Lately? - An Update on the SELinux Project - OLS ...
James Morris
Linux Kernel Security Overview - KCA 2009
James Morris
computer viruses
upenthira I
Adding Extended Attribute Support to NFS
James Morris
Csw2016 wang docker_escapetechnology
CanSecWest
Introduction to Blockchain
Aalok Singh
BlueHat v17 || Dangerous Contents - Securing .Net Deserialization
BlueHat Security Conference
BlueHat v17 || Don't Let Your Virtualization Fabric Become the Attack Vector
BlueHat Security Conference
Introduction to ethereum_public
antitree
Matriux blue
InMobi Technology

Similar to NSS 2013: Towards Hybrid Honeynets via Virtual Machine Introspection and Cloning

Xen Project Update LinuxCon Brazil
The Linux Foundation
Hpc Cloud project Overview
Floris Sluiter
Virtualization in cloud
Ashok Kumar
CCL-Final Presentation
Jeremy Dixon
Xen in the Cloud at SCALE 10x
The Linux Foundation
RHEL roadmap
Terry Wang
NET8935_Small_DC_Shahzad_Ali
shezy22
Implementation of user authentication as a service for cloud network
Salam Shah
Network Service in OpenStack Cloud, by Yaohui Jin
Hui Cheng
Implementation_of_User_Authentication_as
Masood Shah
Cloud Computing with OpenStack
inside-BigData.com
How to deliver High Performance OpenStack Cloud: Christoph Dwertmann, Vault S...
OpenStack
Virtualization
vishnurk
Keynote -金耀辉--network service in open stack cloud-osap2012_jinyh_v4
OpenCity Community
Report on OFELIA
FIBRE Testbed
Enabling NFV features in kubernetes
Kuralamudhan Ramakrishnan
Paper444012-4014
saumya yuval
Virtualization and cloud Computing
Rishikese MR
11. operating-systems-part-2
Muhammad Ahad
Making Cloudy Peanut Butter Cups: Apache CloudStack + Riak CS
John Burwell

More from Tamas K Lengyel

OffensiveCon2022: Case Studies of Fuzzing with Xen
Tamas K Lengyel
Pitfalls and limits of dynamic malware analysis
Tamas K Lengyel
VM Forking and Hypervisor-based Fuzzing with Xen
Tamas K Lengyel
VM Forking and Hypervisor-based fuzzing
Tamas K Lengyel
BSides Denver: Stealthy, hypervisor-based malware analysis
Tamas K Lengyel
Hacktivity 2016: Stealthy, hypervisor based malware analysis
Tamas K Lengyel
Anti-evil maid with UEFI and Xen
Tamas K Lengyel
Stealthy, Hypervisor-based Malware Analysis
Tamas K Lengyel
Virtual Machine Introspection with Xen
Tamas K Lengyel
Cloud Security with LibVMI
Tamas K Lengyel
Troopers15 Lightning talk: VMI & DRAKVUF
Tamas K Lengyel
CrySys guest-lecture: Virtual machine introspection on modern hardware
Tamas K Lengyel
31c3 Presentation - Virtual Machine Introspection
Tamas K Lengyel
Scalability, Fidelity and Stealth in the DRAKVUF Dynamic Malware Analysis System
Tamas K Lengyel
Virtual Machine Introspection with Xen on ARM
Tamas K Lengyel
Pitfalls of virtual machine introspection on modern hardware
Tamas K Lengyel
Hacktivity2014: Virtual Machine Introspection to Detect and Protect
Tamas K Lengyel
Dfrws eu 2014 rekall workshop
Tamas K Lengyel

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Understanding Media: The Extensions of Man Marshall McLuhan
(4/5)
Free
The Art of War Sun Tsu
(3/5)
Free
The Victorian Internet: The Remarkable Story of the Telegraph and the Nineteenth Century's On-line Pioneers Tom Standage
(3.5/5)
Free
Uncommon Carriers John McPhee
(3.5/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
The Quiet Zone: Unraveling the Mystery of a Town Suspended in Silence Stephen Kurczy
(4.5/5)
Free
System Error: Where Big Tech Went Wrong and How We Can Reboot Rob Reich
(4.5/5)
Free
The Wires of War: Technology and the Global Struggle for Power Jacob Helberg
(4/5)
Free
After Steve: How Apple Became a Trillion-Dollar Company and Lost its Soul Tripp Mickle
(4.5/5)
Free
Dignity in a Digital Age: Making Tech Work for All of Us Ro Khanna
(4/5)
Free
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(4.5/5)
Free
Test Gods: Virgin Galactic and the Making of a Modern Astronaut Nicholas Schmidle
(5/5)
Free
Driven: The Race to Create the Autonomous Car Alex Davies
(4.5/5)
Free
Second Nature: Scenes from a World Remade Nathaniel Rich
(5/5)
Free
Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier
(4/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4.5/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free
Blockchain: The Next Everything Stephen P. Williams
(4/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4.5/5)
Free
Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich
(4.5/5)
Free

NSS 2013: Towards Hybrid Honeynets via Virtual Machine Introspection and Cloning

  1. 1. Towards Hybrid Honeynets via Virtual Machine Introspection and Cloning Tamas K Lengyel University of Connecticut
  2. 2. The role of the honeypot
  3. 3. The limitations Low-interaction honeypots: ● "Artificial" attack surface ● Limited information about the attacks ● Easily identified High-interaction honeypots: ● Complexity ● Maintenance ● High risk
  4. 4. Hybrid honeypot Robin Berthier, 2006: Advanced honeypot architecture for network threats quantification Primarily use the Low interaction honeypot and utilize a High interaction honeypot when something "interesting" is happening. How do you define "interesting"?
  5. 5. Hybrid honeynet
  6. 6. VMI-Honeymon http://vmi-honeymon.sf.net ● Fidelity via Virtual Machine Introspection ○ LibVMI ○ Volatility ○ LibGuestFS ● Scalability via Virtual Machine Cloning ○ QEMU copy-on-write disk ○ Xen copy-on-write RAM
  7. 7. Issues: clone routing Clones share IP and MAC address! ○ Post-cloning in-guest network reconfiguration should be avoided ○ Separate bridge/VLAN required for each clone to avoid collision ○ Honeybrid requires extra setup (iptables rules, routing tables & ip marks) to be able to route clones
  8. 8. Network overview
  9. 9. Clone initiated routing
  10. 10. Memsharing results 6207 attack sessions on clone HIHs in two weeks (single IP address) Windows XP SP3 x86 (128MB RAM) Windows 7 SP1 x86 (1GB RAM)
  11. 11. Memsharing results Projected memory savings via CoW RAM Windows XP SP3 x86 Windows 7 SP1 x86
  12. 12. Future work ● Clone routing using Open vSwitch & OpenFlow ● Auto-balloon number of HIHs ● Mix Linux and Windows HIHs with additional software packages installed ● Test large-scale deployment (/24) ● Zazen IDS!
  13. 13. Thank you! Questions?

×