Penetration Test Methodology on Information-Security ... Kim... · Korea Security Evaluation...

Korea Security Evaluation Laboratory Co., Ltd.

Penetration Test Methodology on Information-Security Product

Utilizing the Virtualization Technology

JungDae Kim([email protected])

ByongKi Park([email protected])

3 Penetration Test Methods

4 Conclusions

Background Information1

Vulnerability2

CONTENTS


Background Information

Increasing NeedsThe development of information-security products utilizing the virtualization technology is increased.

02

Expected to Increase CC EvaluationAs more information-security products are increasingly released, it is expected to increase CC evaluation about such kind of products(Information-security products utilizing virtualization technology.)

03

Computing EnvironmentThe Virtualization emerges as a core technology for optimization of limited computing resources and cloud computing environment

01



Damages Caused by PC’s InvasionA PC is infected by a malignant code through external network or is exposed against an attack, the infection will lead to serious damages like draining out or damaging some important data in the PC’s organization, or destroying its internal network, and so on.

02

To Avoid such DamagesTo avoid such damages, We should physically separate the organization’s internal network from external network.

03

More Attacks Against PCAttacks against PC, that is connected to the internal and external network at the same time, are increasing as a major target of attack because PC are more easily to be accessed than any server by attackers

01

Difficulties of Physically Separating NetworkHowever, there are many obstacles such as much cost, energy and a lot of inconveniences in business.

04



To solve these difficulty of physical separation, information-security products utilizing the virtualization technology are developed.

The virtualization technology physically separates the limited computing resources, and provides a virtual host environment separated from real host environment to users.

As a virtual host environment(public domain) separated from real host environment(work domain) is provided in the same PC, it can protect the work domain against any invasion from an external network.


Vulnerability

The information-security product utilizing the virtualization technology logically divides physically limited resources, operating systems and applications, and it provides users with some virtual host environment separated from real host environment.

The real host environment and the virtual host environment share the same separated computing resources, therefore, there may be some vulnerabilities resulting from this resource-sharing feature.

Vulnerability of Physical Resource (CPU, Memory, Disk)Vulnerability of OS Kernel & System File Sharing Vulnerability of Device Driver SharingVulnerability of Files & Registry System SharingVulnerability of Process SharingVulnerability of Network Sharing


Penetration Test Methods

Test of real host environment resources depletion caused by the monopolization of physical resources in the virtual host environment

Test of data access to real host environment through physical dumping into the storage spaces like memory, disk and the others in the virtual host environment.



[Test Case] Monopolization of physical resource in the virtual host environment



[Test Case] Physical dumping into the storage space(disk) in the virtual host environment



Operating system’s invasion test in the real host environment through modification of the operating system kernel & system files.



Test of monitoring the input & output of the real host environment’s devices in the virtual host environment

Test of Accessing to the storage & communication media connected to the real host environment in the virtual host environment



[Test Case] Test of monitoring the input & output of the real host environment’s device(keyboard)



Test of monitoring the input & output states of the real host environment’s files in the virtual host environment.



[Test Case] Test of monitoring the input & output states of the real host environment’s files in the virtual host environment



Process penetration test on the real host environment through DLL injection attacks in the virtual host environment



[Test Case] Process penetration test on the real host environment through DLL injection attacks in the virtual host environment



Test of sniffing network packet of the real host environment in the virtual host environment

Test of accessing to the real host environment by using the information on the real host environment in the Virtual Host Environment



[Test Case] Test of sniffing network packet of the real host environment in the virtual host environment



[Test Case] Test of accessing to the real host environment by using the information of the real host environment in the Virtual Host Environment



Modification test on the MBR & kernel memory in the virtual host environment

Test of penetration to the real host environment by using the backdoor, malware, and the malicious codes in the virtual host environment



[Test Case] Penetration Test Using the IRC Server.


Conclusions

This paper described vulnerability to be considered about the virtualization technology and the penetration test method on the corresponding vulnerability

Dividing and controlling between the virtual host environment and the real host environment are correctly performed

Many researches and tests should be performed to discover the potential vulnerabilities caused by sharing the computing resources


JungDae Kim([email protected])

ByongKi Park([email protected])

Penetration Test Methodology on Information-Security ... Kim... · Korea Security Evaluation...

Documents

Transcript of Penetration Test Methodology on Information-Security ... Kim... · Korea Security Evaluation...