Skip to main content
SpringerLink
Log in

An Introspection-Based Memory Scraper Attack against Virtualized Point of Sale Systems

  • Conference paper
Financial Cryptography and Data Security (FC 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7126))

Included in the following conference series:

Abstract

Retail industry Point of Sale (POS) computer systems are frequently targeted by hackers for credit/debit card data. Faced with increasing security threats, new security standards requiring encryption for card data storage and transmission were introduced making harvesting card data more difficult. Encryption can be circumvented by extracting unencrypted card data from the volatile memory of POS systems. One scenario investigated in this empirical study is the introspection-based memory scraping attack. Vulnerability of nine commercial POS applications running on a virtual machine was assessed with a novel tool, which exploited the virtual machine state introspection capabilities supported by modern hypervisors to automatically extract card data from the POS virtual machines. The tool efficiently extracted 100% of the credit/debit card data from all POS applications. This is the first detailed description of an introspection-based memory scraping attack on virtualized POS systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Chronology of Data Breaches, http://www.privacyrights.org/ar/ChronDataBreaches.htm

  2. PCI Security Standards Council, https://www.pcisecuritystandards.org/

  3. Evolution of Malware: Targeting Credit Card Data in Memory, https://www.trustwave.com/downloads/whitepapers/Trustwave_WP_Evolution_of_Malware_.pdf

  4. Data Breach Investigations Supplemental Report (2009), http://www.verizonbusiness.com/resources/security/reports/rp_2009-data-breach-investigations-supplemental-report_en_xg.pdf

  5. Data Breach Investigation Report (2010), http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf

  6. Restaurant Chain Upgrades Systems and Cuts 2,000 Servers Using Virtual Machines, http://download.microsoft.com/documents/customerevidence/7146_jack__in_the_box_cs.doc

  7. Bringing virtualization and thin computing technology to POS, http://www.pippard.com/pdf/virtualized_pos_whitepaper.pdf

  8. MICROS Systems, Inc. Announces Deployment of MICROS 9700 HMS at M Resort Spa Casino in Las Vegas, http://www.micros.com/NR/rdonlyres/3E357BE8-70DB-468D-B9AB-68F0E784527F/2296/MResort.pdf

  9. Garfinkel, T., Rosenblum, M.: A virtual machine introspection based architecture for intrusion detection. In: Proceedings of the 10th Annual Symposium on Network and Distributed System Security, pp. 191–206 (2003)

    Google Scholar 

  10. Payne, B.D., Carbone, M., Sharif, M., Lee, W.: Lares: an architecture for secure active monitoring using virtualization. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 233–247 (2008)

    Google Scholar 

  11. Jiang, X., Wang, A., Xu, D.: Stealthy Malware Detection Through VMM-Based ”‘Out-of-the-Box’” Semantic View Reconstruction. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 128–138 (2007)

    Google Scholar 

  12. What is Xen?, http://www.xen.org/

  13. Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends, http://usa.visa.com/download/merchants/bulletin_critical_vulnerabilities_041509.pdf

  14. Top Five Data Security Vulnerabilities Identified to Promote Merchant Awareness, http://usa.visa.com/download/merchants/Cisp_alert_082906_Top5Vulnerabilities.pdf

  15. Common Vulnerabilities and Exposures: CVE-2007-4993, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4993

  16. Jones, S.T., Arpaci-Dusseau, A.C., Arpaci-Dusseau, R.H.: Antfarm: tracking processes in a virtual machine environment. In: Proceedings of the 2006 USENIX Annual Technical Conference (2006)

    Google Scholar 

  17. Russinovich M.E., Solomon, D.A.: Microsoft Windows Internals. Microsoft Press (2005)

    Google Scholar 

  18. XenAccess Documentation, http://doc.xenaccess.org/

  19. Luhn, H. P.: Computer For Verifying Numbers. In: Office, U. S. P., USA (1954)

    Google Scholar 

  20. Sailer, R., Jaeger, T., Valdez, E., Caceres, R., Perez, R., Berger, S., Griffin, J.L., Van Doorn, L.: Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor. In: Proceedings of the 21st Annual Computer Security Applications Conference, pp. 276–285 (2005)

    Google Scholar 

  21. Nance, K., Bishop, M., Hay, B.: Investigating the Implications of Virtual Machine Introspection for Digital Forensics. In: 2009 International Conference on Availability, Reliability and Security (2009)

    Google Scholar 

  22. Shamir, A., van Someren, N.: Playing Hide and Seek with Stored Keys. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 118–124. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  23. Petterson, T.: Cryptographic key recovery from Linux memory dumps. In: Chaos Communication Camp (2007)

    Google Scholar 

  24. Halderman, J., Schoen, S., Heningen, N., Clarkson, W., Paul, W., Calandrino, J., Feldman, A., Appelbaum, J., Felten, E.: Lest we remember: cold boot attacks on encryption keys (2008)

    Google Scholar 

  25. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. In: Conference on Computer and Communications Security, pp. 199–212 (2009)

    Google Scholar 

  26. Percival, C.: Cache missing for fun and profit. BSDCan, Ottawa (2005)

    Google Scholar 

  27. Osvik, D.A., Shamir, A., Tromer, E.: Cache Attacks and Countermeasures: the Case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  28. Payne, B., Carbone, M., Lee, W.: Secure and Flexible Monitoring of Virtual Machines. In: Proceedings of the Annual Computer Security Applications Conference (2007)

    Google Scholar 

  29. Hay, B., Nance, K.: Forensics examination of volatile system data using virtual introspection. SIGOPS Operating Systems Review 42(3), 75–83 (2008)

    Article  Google Scholar 

  30. Schuster, A.: Searching for processes and threads in Microsoft Windows memory dumps. In: Proceedings of the 6th Annual Digital Forensic Research Workshop, pp. 10–16 (2006)

    Google Scholar 

  31. Memparser analysis tool, http://www.dfrws.org/2005/challenge/memparser.shtml

  32. An Introduction to Windows memory forensic, http://forensic.seccure.net/pdf/introduction_to_windows_memory_forensic.pdf

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, Stony Brook University, Stony Brook, USA

    Jennia Hizver & Tzi-cker Chiueh

Authors
  1. Jennia Hizver
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tzi-cker Chiueh
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Microsoft Research Cambridge, Roger Needham Building, 7 J J Thomson Avenue, CB3 0FB, Cambridge, UK

    George Danezis

  2. Department of Computer Science, Stevens Institute of Technology, Castle Point on Hudson, 07030, Hoboken, NJ, USA

    Sven Dietrich

  3. Central Research Laboratories, NEC Corporation, 1753 Shimonumabe Nakahara, 211-8666, Kawasaki, Japan

    Kazue Sako

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hizver, J., Chiueh, Tc. (2012). An Introspection-Based Memory Scraper Attack against Virtualized Point of Sale Systems. In: Danezis, G., Dietrich, S., Sako, K. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7126. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29889-9_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-29889-9_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29888-2

  • Online ISBN: 978-3-642-29889-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation