Abstract

Virtualization and cloud computing have become critical parts of modern enterprise computing infrastructure. One of the benefits of using cloud infrastructure over in-house computing infrastructure is the offloading of security responsibilities. By hosting one’s services on the cloud, the responsibility for the security of the infrastructure is transferred to a trusted third party. As such, security of customer data in cloud environments is of critical importance. Side channels and covert channels have proven to be dangerous avenues for the leakage of sensitive information from computing systems. In this work, we propose and perform two experiments to investigate side and covert channel possibilities in virtual enterprise environments. The first experiment is centered around the use of sensor data available via the Intelligent Platform Management Interface (IPMI), an open standard for out-of-band management often shipped with enterprise-level servers. We show how power-related sensors available with minimal user privilege over IPMI can be correlated with the levels of CPU stress of a virtual machine on a server. This leads to our second experiment, in which we demonstrate a power analysis approach for establishing a covert channel for the exfiltration of data from a network-isolated virtual machine on a server rack. By applying the concept of power analysis more broadly to the power consumption of an entire server rack, rather than individual hardware components, we find that basic patterns in system load can be clearly identified using signal processing techniques, demonstrating the potential for establishing a covert channel.

Degree Date

Spring 2023

Document Type

Thesis

Degree Name

M.S.

Department

Computer Science and Engineering

Advisor

Dr. Mitchell A. Thornton

Second Advisor

Dr. Eric C. Larson

Third Advisor

Dr. Michael A. Taylor

Subject Area

Computer Science

Number of Pages

58

Format

.pdf

Creative Commons License

Creative Commons Attribution-Noncommercial 4.0 License
