Evaluation of a Spyware Detection System Using Thin Client Computing - Information Security and Cryptology-ICISC 2010 - page 225

Cryptography Reference

In-Depth Information

Fig. 1. Thin client environment - our system is on the top left corner

system resided on the host operating system and operated on the guest operating

system(s). To verify the Believability of the replayed actions, we conducted a user

study which concluded that the actions generated by our system were indeed

indistinguishable. Moreover, as an Injection Medium , we utilized the X server of

the host operating system to replay the actions. Finally, by slightly modifying

the component of the virtual machine manager that was responsible for drawing

the screen, we were able to verify the actions by checking the color value of

selected pixels.

The original system relied on a language for the creation of believable actions.

It is worth noting here that the approach is generic enough to be used as-is in the

application bellow. This stands because the injection medium is flexible enough

to support replaying of believable actions, although there could be cases where

the believability of the actions can be degraded due to artifacts of the injection

medium itself.

3.2 Thin Clients

The environment we chose to apply our technique to is thin clients, which, al-

though they have been around for a long time, they are recently becoming more

and more prominent in corporate networks. The main benefits of choosing such

a setup are low cost, easy maintenance and energy eciency.

A typical thin client setup consists of two main components: (i) a central

virtual machine host (can be one physical server or more) and (ii) a collection

of “dummy” computers connected to that host over a local and fast network.

All the computation is ooaded to the central server, leaving the user termi-

nals responsible only for transmitting user actions (keyboard, mouse, etc.) and

remotely displaying the screen output of the virtual machine. Each user is then

able to access and use virtual machines hosted on the central server, using these

terminals (thin clients).

The application of our technique in this case was straightforward. In summary,

we deployed our system like an ordinary thin client that periodically connects to

each hosted virtual machine and injects decoy credentials. It is trivial to show

that this type of application satisfies all the properties, previously introduced.

Next Page

Information Security and Cryptology-ICISC 2010

Search WWH ::

Custom Search

Home