Virtual Environments Support Insider Security Violations
Document Type
Conference Proceeding
Faculty
Faculty of Computing, Health and Science
School
School of Computer and Information Science / Centre for Security Research
RAS ID
6056
Abstract
This paper describes an investigation into how an employee using a virtual environment can circumvent any or all of the security, policies and procedures within an organization. The paper discusses the fundamental issues that organizations must address to be able to detect such an attack. Attacks of this nature may be malicious with intent to cause disruption by flooding the network or disabling specific equipment, or non-malicious by quietly gathering critical information such as user names and passwords or a colleague’s internet banking details. Identification of potential residual evidence following an attack is presented. Such evidence may be used to speculate or verify an attack incident occurrence. Additionally, the forensic extraction of any such evidence is discussed. Finally, the paper raises the possibility of a virtual machine being used as an anti-forensic tool to destroy incriminating evidence in such circumstances.
DOI
10.4225/75/57b27c4940cc4
Access Rights
Free_to_read
Comments
Swanson, I. & Williams, P. (2008). Virtual Environments Support Insider Security Violations. Proceedings of the 6th Australian Digital Forensics Conference, (pp. 171--178). Perth, Western Australia. : SECAU _ Security Research Centre, ECU. Available here