GEMINI: Guest-transparent honey files via hypervisor-level access redirection

Abstract

Data safety has become a critical problem in the face of various cyber-attacks aiming at stealing or divulging sensitive information. In the event that adversaries have gained access to a system storing classified data, such crucial systems should actively protect the integrity of this data. To purposely deceive an attacker, we propose that accesses to sensitive data can be dynamically partitioned to prevent malicious tampering. In this paper, we present GEMINI, a virtualization-based system to transparently redirect accesses to classified files based on the context of the access (e.g., process, user, time-of-day, etc.). If an access violates preconfigured data-use policies then it will be rerouted to a honey version of the file, specifically crafted to be manipulated by the adversary. Thus, GEMINI transforms static, sensitive files into moving targets and provides strong transparency and tamper-resistance as it is located at the hypervisor level. Our evaluation shows that GEMINI effectively neutralizes several real-world attacks on various sensitive files and can be integrated seamlessly into current cloud environments.