Abstract
The Domain Name System (DNS) is one of the critical services in the current Internet infrastructure. However, DNS is vulnerable to a range of attacks. One of the fundamental weaknesses of the existing DNS protocols is that request and response messages are transmitted on the network as plain text. This paper addresses important threats related to the Domain Name System (DNS) using a hypervisor-based security architecture. The proposed architecture leverages the hypervisor's visibility of the virtual machines' traffic flows for monitoring, and utilises Virtual Machine Introspection (VMI) techniques to inspect and restore data. It also uses the inbuilt snapshot/restore capabilities of the hypervisor to completely restore virtual machines if required. The objective of the proposed architecture is not to actively prevent attacks, but to provide a means of identifying different attacks by passively monitoring DNS-related conversations coming in and out of the virtualised system hosting the DNS. Our model can alert the external monitoring agent(s) or security administrator and actively restore the system if the attack has already compromised the DNS.
Original language | English |
---|---|
Title of host publication | Information Security 2014 - Proceedings of the Twelfth Australasian Information Security Conference, AISC 2014 |
Editors | Udaya Parampalli, Ian Welch |
Place of Publication | Sydney, Australia |
Publisher | Australian Computer Society |
Pages | 83-86 |
Number of pages | 4 |
Volume | 149 |
ISBN (Print) | 9781921770326 |
Publication status | Published - 2014 |
Event | Twelfth Australasian Information Security Conference, AISC 2014 - Auckland, New Zealand; Duration: 20 Jan 2014 → 23 Jan 2014 |
Other
Other | Twelfth Australasian Information Security Conference, AISC 2014 |
---|---|
Country/Territory | New Zealand |
City | Auckland |
Period | 20/01/14 → 23/01/14 |