Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash.

Published byEdmund Peters Modified over 8 years ago

Similar presentations

Presentation on theme: "Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash."— Presentation transcript:

1 Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash

2 Introduction A virtual machine (VM) is a software based computer separate from the physical computer running in the machine, often called the host. A virtual machine (VM) is a logical process (most often an operating system) that interfaces with emulated hardware and is managed by an underlying control program. The Virtual Machine runs programs in a Bytecode Interpreter.

3 Overview of Virtual Machine Technology Virtual machines have been in existence since the mid 1970’s. Originally, virtual machines were run on mainframes to provide resource multiplexing and isolation. Most modern virtual machine systems use the virtual machine monitor (VMM) model for managing and controlling individual virtual machines.

4 Virtual Machine Types Type I Lowest layer of software is VMM E.g., Xen, VAX VMM, etc. Type II Runs on a host operating system E.g., VMWare, JVM, etc.

5

6 Security Benefits Abstraction Isolation State Restore Transience External Monitoring

7 Abstraction VMs abstract the hardware layer and each VM is allocated its own strictly bounded resources. This layer of abstraction provides additional security. When an attacker gains access to the hardware layer, they have full control over the computer. OSs restrict hardware access by abstracting the hardware details, which is why you can run the same OS on two machines with different hardware configurations. In other words, the OS interfaces directly with the hardware so that programmers and hackers cannot. VMs create a complete hardware and OS abstraction. A program run locally on a physical machine knows what OS it is running on.

8 Abstraction of Physical Resources

9 Isolation The hypervisors segment physical resources into isolated entities and allow each guest OS to run independently. An attack on the VM should not affect any of the other VMs on the server or the host OS. This is unlike a multi-user OS, where all users can be affected by an attack.

10 State Restore VMs are touted for their ability to restore to a previous state. The contents of the virtual disk for each VM are usually stored as a file on the host. Besides being a convenience, state restore helps to ensure data integrity and provides perfect virus removal.

11 Transience One often-overlooked security feature of VMs is their ability to be started remotely, which allows them to be turned on and made available only when needed.

12 External Monitoring Since VMs run on a subset of hardware resources, it is possible to observe VM resource usage and detect malicious software from outside the VM. Physical installations of OSs usually rely on installed virus protection.

13 Security Maintenance VM Sprawl Unique Configurations State Restore Transience

14 Security Vulnerabilities Mobility Hypervisor Intrusion Hypervisor Modification Communication Denial of Service

15 Mobility Virtual machines are inherently not physical, which means their theft can take place without physical theft of the host machine. The contents of the virtual disk for each VM are stored as a file by most hypervisors, which allows VMs to be copied and run from other physical machines.

16 Hypervisor Intrusion The hypervisor provides the abstraction and resource allocation between the host and guests. The hypervisor is a program, running on the host, so if it is compromised, all VMs it controls and the host itself are accessible to the attacker.

17 Hypervisor Modification It does not matter how secure the original hypervisor is if it can be externally modified to use the attacker’s software. One attack of this form is known as Virtual Machine Based Root Kits (VMBR).

18 Communication VM Communication can be used for “guest- to-guest” attacks, in which attackers use one VM to access or control other VMs on the same hypervisor. These attacks can happen with or without compromising the hypervisor layer. A malicious VM can potentially access other VMs through shared memory, network connections, and other shared resources.

19 VM Communication Attack on VM2 and VM3

20 Denial of Service DoS attacks are a threat to all servers, however an improperly configured hypervisor can allow a single VM to consume all resources, thus starving any other VM running on the same physical machine.

21 Reference http://www.cs.wustl.edu/~jain/cse571-09/ftp/vmsec.pdf http://courses.cs.vt.edu/~cs5204/fall07- kafura/Papers/Virtualization/VMM-Security.pdf http://www.cse.psu.edu/~tjaeger/cse497b-s07/slides/cse497b- lecture-26-virtualmachine.pdf http://en.wikipedia.org/wiki/Virtual_machine X. Jiang and D. Xu. Collapsar: A vm-based architecture for network attack detention center. In USENIX Security Symposium, pages 15–28. 2004.

22 Thank You

Download ppt "Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash."

Similar presentations

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.
Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.

Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Operating System Structure

Operating System Structure
Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.

Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.
Cloud Computing and Virtualization Sorav Bansal CloudCamp 2010 IIT Delhi.

Cloud Computing and Virtualization Sorav Bansal CloudCamp 2010 IIT Delhi.
Towards Application Security On Untrusted OS

Towards Application Security On Untrusted OS
Virtual Machine approach to Security Gautam Prasad and Sudeep Pradhan 10/05/2010 CS 239 UCLA.

Virtual Machine approach to Security Gautam Prasad and Sudeep Pradhan 10/05/2010 CS 239 UCLA.
Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.

Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.
Chapter 21: Mobile Virtualization Infrastracture and Related Security Issues Guide to Computer Network Security.

Chapter 21: Mobile Virtualization Infrastracture and Related Security Issues Guide to Computer Network Security.
Virtualization for Cloud Computing

Virtualization for Cloud Computing
Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky.

Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky.
The Origin of the VM/370 Time-sharing system Presented by Niranjan Soundararajan.

The Origin of the VM/370 Time-sharing system Presented by Niranjan Soundararajan.
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support
Virtualization 101.

Virtualization 101.
Virtualization: An Overview Brendan Lynch. Forms of virtualization In all cases virtualization is taking a physical component and simulating the interface.

Virtualization: An Overview Brendan Lynch. Forms of virtualization In all cases virtualization is taking a physical component and simulating the interface.
To run the program: To run the program: You need the OS: You need the OS:

To run the program: To run the program: You need the OS: You need the OS:
Virtualization Technology Prof D M Dhamdhere CSE Department IIT Bombay Moving towards Virtualization… Department of Computer Science and Engineering, IIT.

Virtualization Technology Prof D M Dhamdhere CSE Department IIT Bombay Moving towards Virtualization… Department of Computer Science and Engineering, IIT.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
Virtualization Concept. Virtualization  Real: it exists, you can see it.  Transparent: it exists, you cannot see it  Virtual: it does not exist, you.

Virtualization Concept. Virtualization  Real: it exists, you can see it.  Transparent: it exists, you cannot see it  Virtual: it does not exist, you.

Similar presentations

Ads by Google