Omar Hussein Sayed Mohamed <br/><br/>
A Novel approach for countering information leakage based on virtualization /  
 نهج جديد لمواجهة تسريب المعلومات اعتمادا على الافتراضية 
Omar Hussein Sayed Mohamed ; Supervised Hesham Ahmed Hefny , Nermin Hamza Abdelghafar 
 - Cairo :   Omar Hussein Sayed Mohamed ,   2016 
 - 175 Leaves ;   30cm 
<br/><br/>Thesis (Ph.D.) - Cairo University - Institute of Statistical Studies and Research- Department of Computer and Information Science  
<br/><br/> In traditional computer architecture, operating systems (OSs) are responsible for managing systems resources, handling processes requests to access the resources, and maintaining data privacy through process isolation. However, this architecture broadens the attack surface to include the whole software stack. This thesis exploits machine virtualization to provide substantially stronger information security guarantees against  information leakage attacks than that traditionally offered by physical (non-virtualized) computer systems. System administration-related advantages of machine virtualization are viewed as valuable security-related advantages that are exploited to reduce systems exposure to security threats.  This thesis presents four contributions. Firstly, a novel OS-independent information  security approach called Virtualized Anti-Information Leakage (VAIL) to address  information leakage attacks by malicious software and insiders, even after decryption of sensitive files using untrusted machines. The idea is based on combining machine virtualization with cryptography and system call monitoring to achieve the intended objective. Secondly, a novel approach called VAIL Disordered-Bitstring Provider  (VDBP) to generate pseudo-random bitstrings. It is one of VAIL modules. It is essential  to support VAILs cryptography-related operations, and salt user-supplied passwords.  Thirdly, a novel approach called VAIL System Call Monitor (VSCM) to detect and  thwart previously unknown code injection attacks. It is one of VAIL modules. It  intercepts and verifies CreateProcess system call invocations from a monitored  process. In case an unknown executable is detected in the first parameter of a call, this  indicates its maliciousness. In response, VSCM encrypts that parameter value to render  the call invalid, thereby thwarting adversaries attacks by preventing the OS from  loading and executing the new malicious child process. Fourthly, a novel covert channel  that is specific to virtual machine monitors (VMMs); it is called VMM memory reclamation-based covert storage channel  
<br/><br/>
<br/><br/><label>Subjects--Index Terms: </label>Countering information leakage  Operating systems (OSs) Virtualization