Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Vulnerabilities in A Virtual Environment

Published byBrent Byrd Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Vulnerabilities in A Virtual Environment"— Presentation transcript:

1 Security Vulnerabilities in A Virtual Environment
Seminar of Virtual Machine course Mojtaba Asadollahpour Instructor: Hadi Salimi 6 January 2010

2 Motivation Virtualization plays a major role in helping the organizations to reduce the operational cost ensuring better utilization and flexibility of existing hardware but if done wrong it become as a threat to the environment. “Virtualization is both an opportunity and a threat “ says Patrick Lin, Senior director of Product Management for Vmware[4]

3 Challenges there are so many different types of virtualization technologies available in the market many of the traditional computer threats apply the same to the virtual machines The case is even worse in the virtualized environment, where there are several virtual computers running Attackers and Hackers are already been actively developing new malware programs for virtual machine environment. "Root kit infections, malware that detects a virtual environment and modifies itself accordingly

4 Outline Motivation Challenges Virtualization
benefits offered by any virtualization technology virtualization technologies Security vulnerabilities in virtualization Conclusion

5 Virtualization A technology that has an enormous effect in today’s IT world It is a technique that divides a physical computer into several partly or completely isolated machines commonly known as virtual machines (VM) or guest machines The software that allows multiple guest machines to use the hardware of the physical machine is called a hypervisor or a control program

6 Two primary benefits offered by any virtualization technology
Resource sharing in virtualized environment the VMs shares the physical resources such as memory, disk and network devices of the underlying host. Isolation One of the key issue in virtualization, provides isolation between virtual machines that are running on the same physical hardware.

7 Some of virtualization technologies
Full virtualization Paravirtualization Application virtualization the user is able to run a server application locally using the local resources without needing the complexity of completely installing this application on his/her computer

8 Security vulnerabilities in virtualization
Communication between VMs or Between VMs and host VM Escape VM monitoring from the host Denial of Service External Modification of a VM External Modification of the hypervisor VM monitoring from another VM Guest-to-Guest attack

9 Communication between VMs or Between VMs and host
One of the primary benefits that virtualization bring is isolation. This benefit, if not carefully deployed become a threat to the environment. Isolation should be carefully configured and maintained in a virtual environment to ensure that the applications running in one VM dont have access to the applications running in another VM

10 Communication between VMs or Between VMs and host (cont 1)
Example: Shared clipboard in virtual machines

11 VM Escape VM escape is one of the worst case happens if the isolation between the host and between the VMs is compromised the program running in a virtual machine is able to completely bypass the virtual layer (hypervisor layer), and get access to the host machine Since the host machine is the root, the program which gain access to the host machine also gains the root privileges This result in complete break down in the security framework of the environment

12 VM Escape (cont 1) This problem can be solved by properly configuring the host/guest interaction. To minimize vulnerability to VM escape: Install only the resource-sharing features that you really need. Keep software installations to a minimum because each program brings its own vulnerabilities.

13 VM monitoring from the host
Following are the possible ways for the host to influence the VMs The host can start, shutdown, pause and restart the VMs. The host can able to monitor and modify the resources available for the virtual machines. The host if given enough rights can monitor the applications running inside the VMs The host can view, copy, and likely to modify the data stored in the virtual disks assigned to the VMs

14 VM monitoring from the host (cont 1)
If a host is compromised then the security of the VMs is under question Basically in all virtualization technologies, the host machines are given some sort of basic rights to control some actions such as resource allocations of the VMs running on top care should be taken when configuring the VM environment so that enough isolation should be provided

15 Denial of Service it is possible for a guest to impose a denial of service attack to other guests residing in the same system Denial of service attack in virtual environment can be described as an attack when a guest machine takes all the possible resources of the system. the system denies the service to other guests that are making request for resources, this is because there is no resource available for other guests.

16 Denial of Service (cont 1)
The best approach to prevent a guest consuming all the resources is to limit the resources allocated to the guests. Current virtualization technologies offer a mechanism to limit the resources allocated to each guest machines in the environment. Therefore the underlying virtualization technology should be properly configured, which can then prevent one guest consuming all the available resources, there by preventing the denial of service attack

17 External Modification of a VM
There are some sensitive applications exists which rely on the infrastructure of the VM environment These applications running inside a virtual machine requires the virtual machine to be a trusted environment to execute that application. If a VM is modified for some reason, the applications can still be able to run on the VM but the trust is broken.

18 External Modification of a VM (cont 1)
A best solution for this problem is to digitally sign the VM and validating the signature prior to the execution of this sensitive applications

19 External modification of the hypervisor
hypervisor is responsible for providing isolation between the guest machines The VMs are said to be completely isolated or only if the underlying hypervisor behaves well A badly behaved hypervsior will break the security model of the system the recommended solution is to protect the hypervisor from unauthorized modifications or enable the guest machines to validate the hypervisor.

20 Other Security Vulnerabilities
Guest-to-Guest attack VM monitoring from another VM

21 cunclusion Virtualization brings very little added security to the environment. virtual machines represent the logical instance of an underlying system. So many of the traditional computer threats apply the same to the virtual machines also.

22 cunclusion (cont 1) The key to create a good virtualization environment is to study carefully the environment that is to be virtualized the needs and goals of the organization and taking into consideration all the possible security issues that puts the virtual machines at risk Finally carefully design the virtual environment with the help of correct virtualization technology that matches the goals

23 cunclusion (cont 2) Majority of the security issues presented here concerns the security of the host and the hypervisor If the host or the hypervisor is compromised then the whole security model is broken

Download ppt "Security Vulnerabilities in A Virtual Environment"

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.

 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
Green Cloud Computing Hadi Salimi Distributed Systems Lab, School of Computer Engineering, Iran University of Science and Technology,

Green Cloud Computing Hadi Salimi Distributed Systems Lab, School of Computer Engineering, Iran University of Science and Technology,
Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.

Virtual Machine Security Design of Secure Operating Systems Summer 2012 Presented By: Musaad Alzahrani.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Server Virtualization Gina Myers. Definition Creating virtual machines (VMs) “VMs are software entities that emulate a real machine’s functionality” ◦

Server Virtualization Gina Myers. Definition Creating virtual machines (VMs) “VMs are software entities that emulate a real machine’s functionality” ◦
Virtual Machine approach to Security Gautam Prasad and Sudeep Pradhan 10/05/2010 CS 239 UCLA.

Virtual Machine approach to Security Gautam Prasad and Sudeep Pradhan 10/05/2010 CS 239 UCLA.
Cambodia-India Entrepreneurship Development Centre - : :.... :-:-

Cambodia-India Entrepreneurship Development Centre - : :.... :-:-
Virtualization for Cloud Computing

Virtualization for Cloud Computing
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support
ProjectWise Virtualization Kevin Boland. What is Virtualization? Virtualization is a technique for deploying technologies. Virtualization creates a level.

ProjectWise Virtualization Kevin Boland. What is Virtualization? Virtualization is a technique for deploying technologies. Virtualization creates a level.
Windows Server 2008 R2 CSIT 320 (Blum) 1. Server Consolidation – Today’s chips have enhanced capabilities compared to those of the past. In particular.

Windows Server 2008 R2 CSIT 320 (Blum) 1. Server Consolidation – Today’s chips have enhanced capabilities compared to those of the past. In particular.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
1 Kyung Hee University Prof. Choong Seon HONG Network Control.

1 Kyung Hee University Prof. Choong Seon HONG Network Control.
Jakub Szefer, Eric Keller, Ruby B. Lee Jennifer Rexford Princeton University CCS October, 2011 報告人:張逸文.

Jakub Szefer, Eric Keller, Ruby B. Lee Jennifer Rexford Princeton University CCS October, 2011 報告人:張逸文.
Virtualization Lab 3 – Virtualization Fall 2012 CSCI 6303 Principles of I.T.

Virtualization Lab 3 – Virtualization Fall 2012 CSCI 6303 Principles of I.T.
SAIGONTECH COPPERATIVE EDUCATION NETWORKING Spring 2009 Seminar #1 VIRTUALIZATION EVERYWHERE.

SAIGONTECH COPPERATIVE EDUCATION NETWORKING Spring 2009 Seminar #1 VIRTUALIZATION EVERYWHERE.
A Cloud is a type of parallel and distributed system consisting of a collection of inter- connected and virtualized computers that are dynamically provisioned.

A Cloud is a type of parallel and distributed system consisting of a collection of inter- connected and virtualized computers that are dynamically provisioned.

Similar presentations

Ads by Google