TY - GEN
T1 - Secure reincarnation of compromised servers using xen based time-forking virtual machines
AU - Anwar, Zahid
AU - Campbell, Roy H.
PY - 2007
Y1 - 2007
N2 - Mission-critical Telecom servers are being ported from their safe PSTN haven to the Internet to cater to the VoIP user base, increasing failures due to greater susceptibility to attacks. Virtual Machines are becoming increasingly popular for deploying servers because they allow check-pointing and live migration facilities. The challenges are dealing with non-virtual state elements, like ongoing network communications that can't be check-pointed, and recovering state changed between failure and the last checkpoint. Other complications include dependence on human intervention and precise timing so as not to revert to an unhealthy VM already in the state of compromise. This paper describes a Xen based middleware that pervasively detects terminated VM Servers and reincarnates them in a safe state such that they don't lose connectivity to their network clients. It also attempts to isolate messages that caused the failure and generates rules to disallow them from affecting the newly reincarnated VM in the future. Since it essentially allows a VM to start a new life from a point in time before it got compromised, we dubbed it: A Time-Forking Virtual machine (TFVM) following the Copenhagen school's "Many Worlds Theory" that postulates that every historical event forks a new universe for every possible outcome. Currently TFVM works in the context of our particular application but we discuss how to extend our model to allow reincarnation of generalized services.
AB - Mission-critical Telecom servers are being ported from their safe PSTN haven to the Internet to cater to the VoIP user base, increasing failures due to greater susceptibility to attacks. Virtual Machines are becoming increasingly popular for deploying servers because they allow check-pointing and live migration facilities. The challenges are dealing with non-virtual state elements, like ongoing network communications that can't be check-pointed, and recovering state changed between failure and the last checkpoint. Other complications include dependence on human intervention and precise timing so as not to revert to an unhealthy VM already in the state of compromise. This paper describes a Xen based middleware that pervasively detects terminated VM Servers and reincarnates them in a safe state such that they don't lose connectivity to their network clients. It also attempts to isolate messages that caused the failure and generates rules to disallow them from affecting the newly reincarnated VM in the future. Since it essentially allows a VM to start a new life from a point in time before it got compromised, we dubbed it: A Time-Forking Virtual machine (TFVM) following the Copenhagen school's "Many Worlds Theory" that postulates that every historical event forks a new universe for every possible outcome. Currently TFVM works in the context of our particular application but we discuss how to extend our model to allow reincarnation of generalized services.
UR - http://www.scopus.com/inward/record.url?scp=34547662162&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34547662162&partnerID=8YFLogxK
U2 - 10.1109/PERCOMW.2007.103
DO - 10.1109/PERCOMW.2007.103
M3 - Conference contribution
AN - SCOPUS:34547662162
SN - 0769527884
SN - 9780769527888
T3 - Proceedings - Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom Workshops 2007
SP - 477
EP - 482
BT - Proceedings - Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom Workshops 2007
T2 - 5th Annual IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom Workshops 2007
Y2 - 19 March 2007 through 23 March 2007
ER -