Artifact Mitigation in High-Fidelity Hypervisors
Abstract
The use of hypervisors for cyber operations has increased significantly over the past decade, resulting in an associated increase in the demand for higher-fidelity hypervisors. These hypervisors would not exhibit the markers, or artifacts, that expose the presence of the virtualized environments present in most currently available virtualization solutions. To address this, we present an in-depth examination of a subset of virtualization artifacts in order to design and implement a software solution that will reduce the detectability via mitigation of these artifacts. Our analysis includes performant measures of a bare metal machine, a virtualized machine without our mitigations, and a virtualized machine with our mitigations. The analysis also includes a measure of our implemented system's simulated sensor output. Results of the implementation are analyzed to determine the potential performance impact, the accuracy of our system's simulated output, and whether our mitigation technique is appropriate for extending high-fidelity hypervisors.
Document Details
- Document Type
- Technical Report
- Publication Date
- Sep 01, 2020
- Accession Number
- AD1126550
Entities
People
- Christopher R Norine
Organizations
- Naval Postgraduate School