A forensic study of data leakage from one virtual desktop client as it relates to another virtual desktop client with the same hosting network.

摘要

Today, current network designs utilize virtual environments designed with one or multiple hosts utilizing a hypervisor technology to control multiple clients. Each host shares resources that can be leveraged by clients as needed. Previous research has focused on concerns that lie within the client environment, with little concern for the hosting machine. The design of this dissertation is to focus research from one client to another, within different virtual environments. The focus will be to determine if there is a risk of data leakage from one client to another that can be identified and collected. The base hypothesis of this dissertation is that data created on one client is identifiable, recoverable, and discernable within another client without manipulation or exploitation of the client's operating systems. The researcher designed a testing methodology in such a way to ensure consistent, repeatable results during the complete testing process. The ESXi 5-5 server host environment was created using the basic vendor installation instructions within a VMware virtual workstation environment. The collected and evaluated research data showed that memory allocation design of the ESXi 5-5 server provided the opportunity for data from each client---which was originally created solely within other clients' operating system---to be collected. The resulting data showed that various types of information were capable of being collected and used, including complete documents, usernames, passwords, and Internet search terms. A security threat of this type of design, where virtual environments are used to host the ESXi 5-5 server, presents risks that need to be understood and mitigated through alternative methods.