Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash.


Introduction
A virtual machine (VM) is a software-based computer, separate from the physical computer it runs on, which is often called the host. A virtual machine (VM) is a logical process (most often an operating system) that interfaces with emulated hardware and is managed by an underlying control program. The Virtual Machine runs programs in a Bytecode Interpreter.

Overview of Virtual Machine Technology
Virtual machines have been in existence since the mid-1970s. Originally, virtual machines were run on mainframes to provide resource multiplexing and isolation. Most modern virtual machine systems use the virtual machine monitor (VMM) model for managing and controlling individual virtual machines.

Virtual Machine Types
Type I: Lowest layer of software is the VMM. E.g., Xen, VAX VMM, etc.
Type II: Runs on a host operating system. E.g., VMWare, JVM, etc.

Security Benefits
Abstraction, Isolation, State Restore, Transience, External Monitoring

Abstraction
VMs abstract the hardware layer and each VM is allocated its own strictly bounded resources. This layer of abstraction provides additional security. When an attacker gains access to the hardware layer, they have full control over the computer. OSs restrict hardware access by abstracting the hardware details, which is why you can run the same OS on two machines with different hardware configurations. In other words, the OS interfaces directly with the hardware so that programmers and hackers cannot. VMs create a complete hardware and OS abstraction. A program run locally on a physical machine knows what OS it is running on.

Abstraction of Physical Resources

Isolation
The hypervisors segment physical resources into isolated entities and allow each guest OS to run independently. An attack on the VM should not affect any of the other VMs on the server or the host OS. This is unlike a multi-user OS, where all users can be affected by an attack.

State Restore
VMs are touted for their ability to restore to a previous state. The contents of the virtual disk for each VM are usually stored as a file on the host. Besides being a convenience, state restore helps to ensure data integrity and provides perfect virus removal.

Transience
One often-overlooked security feature of VMs is their ability to be started remotely, which allows them to be turned on and made available only when needed.

External Monitoring
Since VMs run on a subset of hardware resources, it is possible to observe VM resource usage and detect malicious software from outside the VM. Physical installations of OSs usually rely on installed virus protection.

Security Maintenance
VM Sprawl, Unique Configurations, State Restore, Transience

Security Vulnerabilities
Mobility, Hypervisor Intrusion, Hypervisor Modification, Communication, Denial of Service

Mobility
Virtual machines are inherently not physical, which means their theft can take place without physical theft of the host machine. The contents of the virtual disk for each VM are stored as a file by most hypervisors, which allows VMs to be copied and run from other physical machines.

Hypervisor Intrusion
The hypervisor provides the abstraction and resource allocation between the host and guests. The hypervisor is a program, running on the host, so if it is compromised, all VMs it controls and the host itself are accessible to the attacker.

Hypervisor Modification
It does not matter how secure the original hypervisor is if it can be externally modified to use the attacker’s software. One attack of this form is known as Virtual Machine Based Root Kits (VMBR).

Communication
VM communication can be used for “guest-to-guest” attacks, in which attackers use one VM to access or control other VMs on the same hypervisor. These attacks can happen with or without compromising the hypervisor layer. A malicious VM can potentially access other VMs through shared memory, network connections, and other shared resources.

VM Communication Attack on VM2 and VM3
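
To review the guest-to-guest exposure described on the Communication slide, the following added example (not part of the original slides) lists, for every pair of guests, the resources both are attached to. It assumes guest definitions in libvirt domain XML format, which the slides do not mention; the guest names, bridge names and image paths are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from itertools import combinations

# Constructed sample guest definitions (not from the slides).
GUESTS = {
    "vm1": "<domain><devices><interface type='bridge'><source bridge='br0'/></interface>"
           "<shmem name='ipc0'/><disk type='file'><source file='/images/vm1.qcow2'/></disk>"
           "</devices></domain>",
    "vm2": "<domain><devices><interface type='bridge'><source bridge='br0'/></interface>"
           "<shmem name='ipc0'/><disk type='file'><source file='/images/shared-data.img'/>"
           "<shareable/></disk></devices></domain>",
    "vm3": "<domain><devices><interface type='bridge'><source bridge='br1'/></interface>"
           "<disk type='file'><source file='/images/shared-data.img'/><shareable/></disk>"
           "</devices></domain>",
}

def channels(xml_text):
    """Set of (kind, identifier) resources a guest definition attaches to."""
    dev = ET.fromstring(xml_text).find("devices")
    found = set()
    for src in dev.findall("interface/source"):
        net = src.get("bridge") or src.get("network")
        if net:
            found.add(("network", net))
    for shm in dev.findall("shmem"):
        found.add(("shmem", shm.get("name")))
    for src in dev.findall("disk/source"):
        if src.get("file"):
            found.add(("disk", src.get("file")))
    return found

def shared_channels(guests):
    """Map each guest pair to the resources both guests are attached to."""
    users = defaultdict(set)
    for name, xml_text in guests.items():
        for ch in channels(xml_text):
            users[ch].add(name)
    pairs = defaultdict(list)
    for ch, names in users.items():
        for a, b in combinations(sorted(names), 2):
            pairs[(a, b)].append(ch)
    return {pair: sorted(chs) for pair, chs in pairs.items()}

if __name__ == "__main__":
    for pair, chs in sorted(shared_channels(GUESTS).items()):
        print(pair, chs)
```

Pairs that do not appear in the result share none of the three resource kinds checked; every listed pair is a path that needs a justification or a separation control.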

Denial of Service
DoS attacks are a threat to all servers; however, an improperly configured hypervisor can allow a single VM to consume all resources, thus starving any other VM running on the same physical machine.
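
The misconfiguration described on the Denial of Service slide can be checked for before a guest is started. The following added example (not part of the original slides) audits guest definitions for missing CPU and disk I/O limits and for host memory overcommit. It assumes libvirt domain XML, which the slides do not mention; the guest names and sizes are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample guest definitions (not from the slides).
DOMAINS = {
    "web01": """<domain type='kvm'><name>web01</name>
      <memory unit='KiB'>4194304</memory><vcpu>2</vcpu>
      <cputune><period>100000</period><quota>150000</quota></cputune>
      <devices><disk type='file'><target dev='vda'/>
        <iotune><total_iops_sec>2000</total_iops_sec></iotune></disk></devices>
    </domain>""",
    "batch02": """<domain type='kvm'><name>batch02</name>
      <memory unit='GiB'>8</memory><vcpu>8</vcpu>
      <cputune><quota>-1</quota></cputune>
      <devices><disk type='file'><target dev='vda'/></disk></devices>
    </domain>""",
}
KIB_PER = {"KiB": 1, "MiB": 1024, "GiB": 1024 ** 2}

def to_kib(elem):
    """Convert a libvirt size element to KiB (libvirt's default unit)."""
    return int(elem.text) * KIB_PER[elem.get("unit", "KiB")]

def audit_domain(xml_text):
    """List the resource limits one guest definition is missing."""
    dom, findings = ET.fromstring(xml_text), []
    quota = dom.findtext("cputune/quota")
    if quota is None or int(quota) <= 0:   # absent, 0 or negative: no CPU cap
        findings.append("cpu: no quota")
    for disk in dom.iter("disk"):
        if disk.find("iotune") is None:    # no per-disk throughput/IOPS throttle
            findings.append("disk %s: no iotune" % disk.find("target").get("dev"))
    return findings

def audit_host(domains, host_mem_kib):
    """Per-guest findings, plus a host entry if memory is overcommitted."""
    report = {name: audit_domain(x) for name, x in domains.items()}
    total = sum(to_kib(ET.fromstring(x).find("memory")) for x in domains.values())
    report["_host"] = (["memory overcommitted: %d KiB allocated" % total]
                       if total > host_mem_kib else [])
    return report

if __name__ == "__main__":
    for name, items in audit_host(DOMAINS, host_mem_kib=8 * 1024 ** 2).items():
        print(name, items or "ok")
```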
