A Security Assessment of Virtualized Residential Gateways: : Securely Deploying Third Party Services

Abstract: Scalable, portable and flexible way of providing services can be realized by the means of virtualization technology, where parallel VMs are built on top of a shared hardware implementation. At the same time, securely deploying services has been receiving more attentions. Therefore, it is useful and challenging to secure virtualization infrastructures as a number of security threats are attached to virtualization technology.In this thesis, as LXC is investigated for virtualizing RG, a design on CRG virtualized with LXC is proposed for delivering third-party services and a security assessment of its security threats and vulnerabilities is conducted. Afterwards, a framework of security assessment on virtualization technology is proposed. Three possible defense solutions are proposed and further evaluated in context with CareNet project. The results show that SELinux brings 7% system performance loss but provides CRG with customized strategies and is a practical and feasible solution where as the simplicity of SMACK restricts its flexibility and OpenQRM is a light weight container management tool but not a secure one, both of which should be given more consideration.