Method To Eliminate Guest VM Data In Host Kernel Dump Using Dynamic Taint Tracking

IP.com Disclosure Number: IPCOM000235053D
Publication Date: 2014-Feb-26
Document File: 3 page(s) / 34K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a technique to identify and scrub guest VM data present in host kernel dumps using dynamic taint tracking. In a cloud environment it is quite possible for the contents of a guest VM to end up in hypervisor coredumps. It is essential to identify and scrub guest VM data in the host kernel dumpfile before passing the dumpfile on to service/support personnel for debugging. Passing it on without scrubbing the guest VM data can leak cloud customers' data to service personnel.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 42% of the total text.

Data security has been a major concern in the digital world. The number of reported data security incidents is increasing alarmingly day by day. Unfortunately, newer and more sophisticated mechanisms are being used to steal digital data. With the emergence of cloud computing, the security of the digital data of customers using a cloud service is at the discretion of the cloud service provider in most cases, if not in all cases. We give a scenario where the data of cloud customers is at stake and hereby disclose a mechanism to avoid data leaks in a cloud environment.

Typical cloud environments use virtualization to maximize hardware utilization and hence consist of hosts (or hypervisors), which run multiple guest OS instances, called guest VMs. Guest VM instances are assigned to cloud customers, who run their programs/processes inside their guest VM instance. Due to the complexity of the software, the host/hypervisor may crash and generate coredumps. The generated host coredump is generally shared with software maintainers for debugging and serviceability. Usually system admins, service/support engineers and developers access the coredump file to debug the cause of the crash. It is very likely that these coredumps contain guest VM data. For example:

- The network buffers of guest VMs are resident in host kernel memory

- The device buffers of guest VMs are resident in host kernel memory

- The hypervisor (e.g. KVM) sometimes buffers guest VM data in host kernel memory for efficiency and performance

- During the guest VM migration window, the guest disowns its pages and the host kernel owns the guest VM pages

Hence, system admins, service/support engineers and developers can extract data belonging to a guest VM from host kernel dumps, leading to data security issues. It is imperative for cloud service providers to identify and erase guest VM data in the host kernel coredump in order to guarantee data security, and also to rectify the cause of the crash to avoid loss of revenue due to downtime.

As per Wikipedia, "Taint checking is a feature in some computer programming languages, such as Perl and Ruby designed to increase security by preventing malicious users from executing commands on a host computer". The typical use of dynamic taint analysis is to prevent code injection attacks by tainting all data/variables that are influenced by user input or external input and disallowing branches/jumps to tainted data. For example, if variable x is used to store user input and variable y = fun(x), then "y" is influenced by "x" and hence is also tainted (taint propagates through the system). Taint tracking disallows execution of the contents of both x and y. There has been a considerable amount of work done in the field of taint analysis, including correctness, efficiency and performance. There are various implementations of dynamic tain...
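As an added illustration (not code from the disclosure, whose full method is not reproduced in this abbreviated text), the following C model applies the propagation rule above to the dump-scrubbing goal: guest bytes are the taint source, taint follows copies and computed values, and the dump writer replaces tainted bytes with a filler. The byte-granular shadow map, the function names and the sample strings are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 64
static uint8_t mem[MEM_SIZE];   /* toy host kernel memory */
static uint8_t taint[MEM_SIZE]; /* shadow map: 1 = byte derived from guest data */

/* Taint source: guest bytes landing in host memory (e.g. a network buffer). */
void guest_write(size_t dst, const void *src, size_t n) {
    memcpy(&mem[dst], src, n);
    memset(&taint[dst], 1, n);
}

/* Host-originated data replaces the bytes and clears their taint. */
void host_write(size_t dst, const void *src, size_t n) {
    memcpy(&mem[dst], src, n);
    memset(&taint[dst], 0, n);
}

/* Propagation on copy: destination inherits the source taint byte for byte. */
void tracked_copy(size_t dst, size_t src, size_t n) {
    memmove(&mem[dst], &mem[src], n);
    memmove(&taint[dst], &taint[src], n);
}

/* Propagation on y = fun(x): result is tainted if either operand is. */
void tracked_xor(size_t dst, size_t a, size_t b, size_t n) {
    for (size_t i = 0; i < n; i++) {
        mem[dst + i] = mem[a + i] ^ mem[b + i];
        taint[dst + i] = taint[a + i] | taint[b + i];
    }
}

/* Dump writer: host bytes pass through, tainted bytes become filler. */
size_t write_scrubbed_dump(uint8_t *out, uint8_t filler) {
    size_t scrubbed = 0;
    for (size_t i = 0; i < MEM_SIZE; i++) {
        out[i] = taint[i] ? filler : mem[i];
        scrubbed += taint[i];
    }
    return scrubbed;
}

int main(void) {
    uint8_t dump[MEM_SIZE];
    host_write(0, "hostlog:", 8);        /* constructed host data */
    guest_write(16, "guestdata", 9);     /* constructed guest payload */
    tracked_copy(32, 16, 9);             /* host buffers a copy of it */
    tracked_xor(48, 0, 16, 8);           /* value computed from guest bytes */
    printf("scrubbed %zu bytes\n", write_scrubbed_dump(dump, 0xAA));
    return 0;
}
```

Clearing taint in `host_write` matters as much as setting it: a buffer reused for host data must stay readable in the dump, otherwise the scrubbed file loses the state needed to debug the crash.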