Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky.

Presentation transcript:

Virtual Machine Security Summer 2013 Presented by: Rostislav Pogrebinsky

OVERVIEW
- Introduction
- VM Architecture
- VM Security Benefits
- VM Security Issues
- VM Security Concerns

Introduction
- A VM is a software implementation of a machine that executes programs like a physical machine.
- A VM can support individual processes or a complete system, depending on the abstraction level where virtualization occurs.
- Virtualization: a technology that allows running two or more operating systems side by side on one PC or embedded controller.

VM Architecture
Virtualization
- Host OS
- Guest OS
- Hypervisor

VM Architecture
There are two common approaches to virtualization: "hosted" and "bare-metal".
[Figure panels: Hosted, Bare-Metal]

VM Architecture
Thin Virtualization: Get Strong Security in a Small Package

VM Architecture
Security Concepts in Architecture
- Extended computing stack
- Guest isolation
- Host visibility from the guest
- Virtualized interfaces
- Management interfaces
- Greater co-location of data and assets on one box

VM Security Benefits
- Abstraction and Isolation
- Better Forensics and Faster Recovery After an Attack
- Patching is Safer and More Effective
- More Cost Effective Security Devices
- Future: Leveraging Virtualization to Provide Better Security

VM Security Issues
- VM Sprawl
- Mobility
- Hypervisor Intrusion
- Hypervisor Modification
- Communication
- Denial of Service

VM Security Issues: Hosted vs. Bare-Metal

Issue: Vulnerability of the underlying operating system
  Hosted: Hosted virtualization products run on general-purpose operating systems and are susceptible to all the vulnerabilities and attacks that are prevalent on such systems.
  Bare-Metal: VMware bare-metal virtualization is built around the "VMkernel", a special-purpose microkernel that has a much smaller attack surface than a general-purpose operating system.

Issue: Sharing of files and data between the guest and the host
  Hosted: Most hosted virtualization products provide methods to share user information from the guest to the host (shared folders, clipboards, etc.). Although convenient, these are vulnerable to data leakage and malicious code intrusion.
  Bare-Metal: Since ESX is designed specifically for virtualization, there is no mechanism or need to share user information between virtual machines and their host.

VM Security Issues: Hosted vs. Bare-Metal (continued)

Issue: Resource allocation
  Hosted: Hosted virtualization products run as applications in the process space of the host OS. They are at the mercy of the host OS and other applications.
  Bare-Metal: VMware bare-metal virtualization allocates resources intelligently while isolating virtual machines from underlying hardware components. No single virtual machine can use all the resources or crash the system.

Issue: Target usage
  Hosted: Hosted virtualization is targeted at environments where the guest virtual machines can be trusted. This includes software development, testing, demonstration, and troubleshooting.
  Bare-Metal: ESX is meant to be used in production environments in which the guest virtual machines can potentially be exposed to malicious users and network traffic. Strong isolation and strict separation of management greatly reduce any risk of harmful activity going beyond the boundaries of the virtual machine.
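
The guest-to-host sharing row in the comparison above, as an added example that is not part of the original slides: a small Python audit of a hosted-product .vmx file that reports which sharing channels (clipboard, drag and drop, shared folders) are still open. The sample config is constructed, and treating an absent isolation.* key as open is an assumption of this example.

```python
import re

# .vmx settings that switch off each guest/host sharing channel.
DISABLE_KEYS = {
    "isolation.tools.copy.disable": "clipboard copy",
    "isolation.tools.paste.disable": "clipboard paste",
    "isolation.tools.dnd.disable": "drag and drop",
    "isolation.tools.hgfs.disable": "shared-folder (HGFS) transfer",
}
LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')
FOLDER = re.compile(r"^sharedfolder(\d+)\.enabled$")

# Constructed sample of a hosted-product VM config, not taken from the slides.
SAMPLE_VMX = """\
.encoding = "UTF-8"
displayName = "dev-test-01"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "FALSE"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "/home/alice/projects"
"""


def parse_vmx(text):
    """Parse key = "value" lines; keys are lowercased for comparison."""
    settings = {}
    for line in text.splitlines():
        match = LINE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def audit_sharing(text):
    """Return (channel, reason) pairs for sharing channels left open.

    Assumption: an absent isolation.* key is reported, since the channel
    has not been explicitly disabled.
    """
    settings = parse_vmx(text)
    findings = []
    for key, channel in DISABLE_KEYS.items():
        value = settings.get(key)
        if value is None or value.upper() != "TRUE":
            findings.append((channel, f"{key} = {value!r}"))
    for key, value in sorted(settings.items()):
        match = FOLDER.match(key)
        if match and value.upper() == "TRUE":
            path = settings.get(f"sharedfolder{match.group(1)}.hostpath", "?")
            findings.append(("shared folder", f"host path {path}"))
    return findings
```

Calling `audit_sharing(SAMPLE_VMX)` reports the paste, drag-and-drop and HGFS channels plus the enabled shared folder; the explicitly disabled copy channel is not reported.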

- Managing oversight and responsibility
- Patching and maintenance
- Visibility and compliance
- VM sprawl
- Managing Virtual Appliances

QUESTIONS ???