Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky.


1 Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky

2 OVERVIEW
• Introduction
• VM Architecture
• VM Security Benefits
• VM Security Issues
• VM Security Concerns

3 Introduction
• A VM is a software implementation of a machine that executes programs like a physical machine.
• A VM can support individual processes or a complete system, depending on the abstraction level where virtualization occurs.
• Virtualization: a technology that allows running two or more operating systems side by side on one PC or embedded controller.

4 OVERVIEW
• Introduction
• VM Architecture
• VM Security Benefits
• VM Security Issues
• VM Security Concerns

5 VM Architecture
Virtualization
• Host OS
• Guest OS
• Hypervisor

6 VM Architecture
There are two common approaches to virtualization: "hosted" and "bare-metal".
[Figure panels: Hosted, Bare-Metal]

7 VM Architecture Thin Virtualization: Get Strong Security in a Small Package

8 VM Architecture
Security Concepts in Architecture
• Extended computing stack
• Guest isolation
• Host visibility from the guest
• Virtualized interfaces
• Management interfaces
• Greater co-location of data and assets on one box

9 OVERVIEW
• Introduction
• VM Architecture
• VM Security Benefits
• VM Security Issues
• VM Security Concerns

10 VM Security Benefits
• Abstraction and Isolation
• Better Forensics and Faster Recovery After an Attack
• Patching is Safer and More Effective
• More Cost Effective Security Devices
• Future: Leveraging Virtualization to Provide Better Security

11 OVERVIEW
• Introduction
• VM Architecture
• VM Security Benefits
• VM Security Issues
• VM Security Concerns

12 VM Security Issues
• VM Sprawl
• Mobility
• Hypervisor Intrusion
• Hypervisor Modification
• Communication
• Denial of Service

13 VM Security Issues

Issue: Vulnerability of the underlying operating system
  Hosted: Hosted virtualization products run on general-purpose operating systems and are susceptible to all the vulnerabilities and attacks that are prevalent on such systems.
  Bare-Metal: VMware bare-metal virtualization is built around the "VMkernel", a special-purpose microkernel that has a much smaller attack surface than a general-purpose operating system.

Issue: Sharing of files and data between the guest and the host
  Hosted: Most hosted virtualization products provide methods to share user information from the guest to the host (shared folders, clipboards, etc.). Although convenient, these are vulnerable to data leakage and malicious code intrusion.
  Bare-Metal: Since ESX is designed specifically for virtualization, there is no mechanism or need to share user information between virtual machines and their host.

14 VM Security Issues

Issue: Resource allocation
  Hosted: Hosted virtualization products run as applications in the process space of the host OS. They are at the mercy of the host OS and other applications.
  Bare-Metal: VMware bare-metal virtualization allocates resources intelligently while isolating virtual machines from underlying hardware components. No single virtual machine can use all the resources or crash the system.

Issue: Target usage
  Hosted: Hosted virtualization is targeted at environments where the guest virtual machines can be trusted. This includes software development, testing, demonstration, and troubleshooting.
  Bare-Metal: ESX is meant to be used in production environments in which the guest virtual machines can potentially be exposed to malicious users and network traffic. Strong isolation and strict separation of management greatly reduce any risk of harmful activity going beyond the boundaries of the virtual machine.
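The "sharing of files and data between the guest and the host" row above can be checked per guest. The following is an added example, not part of the original presentation: a small auditor that reads a VMware .vmx file and reports guest/host sharing channels left open. The sample configuration is constructed, and treating an unset isolation option as "not disabled" is an assumption that fits hosted products.

```python
import re

# Constructed sample .vmx content for a hosted-product guest (not from the slides).
SAMPLE_VMX = '''\
displayName = "dev-test-guest"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "/home/alice"
isolation.tools.copy.disable = "TRUE"
'''

# Guest/host channels that this audit expects to be explicitly disabled.
MUST_BE_TRUE = {
    "isolation.tools.copy.disable": "clipboard copy",
    "isolation.tools.paste.disable": "clipboard paste",
    "isolation.tools.dnd.disable": "drag and drop",
}

def parse_vmx(text):
    """Parse key = "value" lines into a dict with lower-cased keys."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'([\w.:-]+)\s*=\s*"(.*)"$', line.strip())
        if m:  # comment lines (#...) and malformed lines do not match
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit_sharing(text):
    """Return a sorted list of findings about guest/host sharing channels."""
    cfg = parse_vmx(text)
    findings = []
    for key, label in MUST_BE_TRUE.items():
        if cfg.get(key, "").upper() != "TRUE":  # assumption: unset means enabled
            findings.append(f"{label} not disabled ({key})")
    for key, value in cfg.items():
        m = re.fullmatch(r"sharedfolder(\d+)\.present", key)
        if not m or value.upper() != "TRUE":
            continue
        n = m.group(1)
        if cfg.get(f"sharedfolder{n}.enabled", "TRUE").upper() == "FALSE":
            continue  # folder is defined but switched off
        write = cfg.get(f"sharedfolder{n}.writeaccess", "").upper() == "TRUE"
        mode = "read-write" if write else "read-only"
        path = cfg.get(f"sharedfolder{n}.hostpath", "?")
        findings.append(f"shared folder {n} exposes host path {path} ({mode})")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_sharing(SAMPLE_VMX)))
```

A writable shared folder is the finding to prioritise, since it gives the guest a path for both data leakage and code placement on the host.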

15 OVERVIEW
• Introduction
• VM Architecture
• VM Security Benefits
• VM Security Issues
• VM Security Concerns

16
• Managing oversight and responsibility
• Patching and maintenance
• Visibility and compliance
• VM sprawl
• Managing Virtual Appliances

17 QUESTIONS ???


