Increasing attacker workload with virtual machines

Stephen Kuhn, Stephen Taylor
2011 2011 - MILCOM 2011 Military Communications Conference  
Much of the traffic in modern computer networks is conducted between clients and servers, rather than client-to-client. As a result, servers represent a high-value target for collection and analysis of network traffic. The observe, orient, decide, and act (OODA) loop for network attack involves surveillance, to determine if a vulnerability is present, selection of an appropriate exploit, use of the exploit to gain access, and persistence for a time sufficient enough to carry out some effect. The time spent in surveillance and persistence may range from seconds to months depending upon the intent of the attack. This paper describes a novel hypervisor technology that increases attacker workload by denying the ability to carry out surveillance. It also denies persistence, even if the attack is successful and never detected.
doi:10.1109/milcom.2011.6127643 dblp:conf/milcom/KuhnT11 fatcat:itamz5jhgrhp7e3b3jmpaucfyi