Title :
Reducing Attack Surface with VM-Based Phantom Server
Author :
Li Wang ; Zhan Wang ; Kun Sun ; Jajodia, Sushil
Author_Institution :
Center for Secure Inf. Syst., George Mason Univ., Fairfax, VA, USA
Abstract :
Online servers are primary targets of attack because they expose a wide range of attack surfaces. In this paper, we present a phantom server architecture that reduces the attack surface of online servers by separating the protected content from the interface that may be accessed by both regular users and potential attackers. We call the server running the interfaces the Portal Server, and the server providing the protected services the Phantom Server. Only authenticated clients are able to get services from the phantom server. The phantom server architecture reduces the attack surface by hiding the phantom server from detection by attackers. Moreover, even if the portal server is compromised, the attacker still cannot locate the phantom server and perform further attacks. Our system architecture can be deployed without any hardware or software changes on the legacy servers. We implement a virtual machine (VM)-based phantom server prototype to protect online web and database servers. The experimental results show that our phantom server architecture incurs a low overhead.
Keywords :
computer network security; network servers; virtual machines; attack surface reduction; authenticated clients; database servers; legacy servers; online Web; online servers; phantom server architecture; portal server; virtual machine; Computer architecture; Databases; IP networks; Phantoms; Portals; Web servers;
Conference_Title :
Military Communications Conference, MILCOM 2013 - 2013 IEEE
Conference_Location :
San Diego, CA
DOI :
10.1109/MILCOM.2013.242