A Novel Approach to Address Information Leakage Attacks Based on Machine Virtualization

Omar Hussein (1), Nermin Hamza (2), Hesham Hefny (3)
Computer and Information Sciences Department
Institute of Statistical Studies and Research, Cairo University, Egypt
(1) ohusseins@gmail.com
(2) nermin.hamza@cu.edu.eg
(3) hehefny@ieee.org

Abstract—In a traditional non-virtualized computer system the whole software stack is highly vulnerable to security breaches. This is mainly caused by the coexistence of deployed security systems in the same space as the potentially compromised operating system and applications that often run with administrative privileges. In such a structure, compromising, bypassing, disabling, or even subverting deployed security systems becomes trivial. Machine virtualization provides a powerful abstraction for addressing information security issues. Its isolation, encapsulation, and partitioning properties can be leveraged to reduce computer systems' susceptibility to security breaches. This paper demonstrates that machine virtualization, when employed and synthesized with cryptography, would preserve information confidentiality even in an untrusted machine. It presents a novel information security approach called Virtualized Anti-Information Leakage (VAIL). Its objective is to thwart malicious software and insiders' information leakage attacks on sensitive files after decryption in potentially compromised computer systems. VAIL's defenses are evaluated against a variety of information leakage attacks including: (1) direct attacks launched on sensitive files from an untrusted virtual machine, and a compromised virtual machine monitor; and (2) indirect attacks exploiting covert storage and timing channels. Based on the security evaluation, it is concluded that VAIL effectively complied with the security requirements, and met its objective.

Index Terms—Information Security; Information Leakage; Machine Virtualization; Malicious Software; Insider Threat

I. INTRODUCTION

Information leakage attacks represent a serious threat because of their widespread and devastating effects. The significance of such attacks stems from the fact that they are committed by an organization's authorized computer users, and/or processes executing on their behalf. The diverse avenues that could be exploited to carry out these attacks add another barrier to addressing them. This paper focuses on malicious software (malware) and the insider threat, as they are the most prominent perpetrators of information leakage attacks. Malware continues to form a major threat, whilst the insider threat is prevailing and represents a challenging unsolved problem for two main reasons: (1) insiders possess deep understanding of the targeted vulnerable processes; and (2) they are aware of systems' unpatched security vulnerabilities. Consequently, addressing malware and the insider threats is a key security requirement.

To highlight the problem area, the following example is presented. An accountant created a spreadsheet file to maintain the company's bank account number, balance, total credits and debits, etc. He/she regularly downloads renewal statements and statements of account from the bank's website and edits the spreadsheet file. To prevent unauthorized disclosure and propagation of such sensitive financial information, the company mandates, according to its security policy, encrypting sensitive files. However, after decryption, sensitive files are still exposed to information leakage attacks. New undetected malware may attempt to leak out the file's contents after capturing its decryption password and/or opening it. In addition, being an authorized user, the accountant, or any of his/her co-workers, may exploit their privileges to leak out such sensitive information to the company's competitors for personal or financial gain.

This paper presents a novel information security approach called Virtualized Anti-Information Leakage (VAIL). Its objective is to thwart malware and insiders' information leakage attacks on sensitive files after decryption in potentially compromised computer systems. VAIL's basic idea lies in the way machine virtualization and cryptography are synthesized and employed to achieve this objective. VAIL's defenses are evaluated against a variety of information leakage attacks including: (1) direct attacks launched on sensitive files from an untrusted virtual machine, and a compromised virtual machine monitor; and (2) indirect attacks exploiting covert storage and timing channels.

The remainder of this paper is organized as follows: Section II briefly explains machine virtualization and its security-related advantages. Section III provides an overview of the previous work that exploited machine virtualization in information security applications. Section IV presents VAIL: the security requirements, threat model and assumptions, evaluation of design alternatives, VAIL structure and overview of its components, its encryption scheme, and operation. Section V evaluates VAIL's defenses against direct and indirect information leakage attacks. Finally, Section VI concludes the paper.

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 12, No. 9, September 2014
http://sites.google.com/site/ijcsis/
ISSN 1947-5500