Security Vulnerabilities in A Virtual Environment


Security Vulnerabilities in a Virtual Environment
Seminar of Virtual Machine course
Mojtaba Asadollahpour
Instructor: Hadi Salimi
6 January 2010

Motivation
Virtualization plays a major role in helping organizations reduce operational cost while ensuring better utilization and flexibility of existing hardware, but if done wrong it becomes a threat to the environment.
"Virtualization is both an opportunity and a threat," says Patrick Lin, Senior Director of Product Management for VMware [4].

Challenges
- There are many different types of virtualization technologies available in the market.
- Many of the traditional computer threats apply equally to virtual machines.
- The case is even worse in a virtualized environment, where several virtual computers are running.
- Attackers and hackers are already actively developing new malware programs for virtual machine environments.
- "Root kit infections, malware that detects a virtual environment and modifies itself accordingly

Outline
- Motivation
- Challenges
- Virtualization
- Benefits offered by any virtualization technology
- Virtualization technologies
- Security vulnerabilities in virtualization
- Conclusion

Virtualization
- A technology that has an enormous effect in today's IT world.
- It is a technique that divides a physical computer into several partly or completely isolated machines, commonly known as virtual machines (VMs) or guest machines.
- The software that allows multiple guest machines to use the hardware of the physical machine is called a hypervisor or a control program.

Two primary benefits offered by any virtualization technology
- Resource sharing: in a virtualized environment the VMs share the physical resources of the underlying host, such as memory, disk and network devices.
- Isolation: one of the key issues in virtualization; it provides isolation between virtual machines that are running on the same physical hardware.

Some virtualization technologies
- Full virtualization
- Paravirtualization
- Application virtualization: the user is able to run a server application locally, using local resources, without the complexity of completely installing the application on his/her computer.

Security vulnerabilities in virtualization
- Communication between VMs or between VMs and host
- VM escape
- VM monitoring from the host
- Denial of service
- External modification of a VM
- External modification of the hypervisor
- VM monitoring from another VM
- Guest-to-guest attack

Communication between VMs or between VMs and host
One of the primary benefits that virtualization brings is isolation. This benefit, if not carefully deployed, becomes a threat to the environment. Isolation should be carefully configured and maintained in a virtual environment to ensure that the applications running in one VM don't have access to the applications running in another VM.

Communication between VMs or between VMs and host (cont. 1)
Example: shared clipboard in virtual machines.

VM Escape
- VM escape is one of the worst cases that can happen if the isolation between the host and the VMs is compromised.
- The program running in a virtual machine is able to completely bypass the virtual layer (hypervisor layer) and get access to the host machine.
- Since the host machine is the root, the program that gains access to the host machine also gains root privileges.
- This results in a complete breakdown of the security framework of the environment.

VM Escape (cont. 1)
This problem can be solved by properly configuring the host/guest interaction. To minimize vulnerability to VM escape:
- Install only the resource-sharing features that you really need.
- Keep software installations to a minimum, because each program brings its own vulnerabilities.
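As an added illustration (not part of the original slides), the following check lists the host/guest sharing channels a VM definition leaves open, including the shared clipboard mentioned earlier. It assumes the VM is defined as libvirt domain XML, which the slides do not specify; the sample definition and the function name `sharing_findings` are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a libvirt domain definition with sharing features left on.
SAMPLE_DOMAIN = """
<domain type='kvm'>
  <name>guest-a</name>
  <devices>
    <graphics type='spice' autoport='yes'/>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/srv/share'/>
      <target dir='hostshare'/>
    </filesystem>
    <redirdev bus='usb' type='spicevmc'/>
  </devices>
</domain>
"""

def sharing_findings(domain_xml):
    """Return the host/guest sharing channels enabled in the domain, in check order."""
    devices = ET.fromstring(domain_xml).find("devices")
    findings = []
    if devices is None:
        return findings
    for gfx in devices.findall("graphics"):
        if gfx.get("type") != "spice":
            continue
        # SPICE enables clipboard and file transfer unless explicitly disabled.
        clip = gfx.find("clipboard")
        if clip is None or clip.get("copypaste") != "no":
            findings.append("spice clipboard copy/paste enabled")
        xfer = gfx.find("filetransfer")
        if xfer is None or xfer.get("enable") != "no":
            findings.append("spice file transfer enabled")
    for fs in devices.findall("filesystem"):
        src = fs.find("source")
        path = src.get("dir") if src is not None else "?"
        mode = " (read-only)" if fs.find("readonly") is not None else " (writable)"
        findings.append("host directory shared: " + path + mode)
    if devices.find("redirdev") is not None:
        findings.append("USB redirection device present")
    if devices.find("shmem") is not None:
        findings.append("shared memory device present")
    return findings
```

An empty result means none of the checked channels is configured; each finding is a feature to justify or remove.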

VM monitoring from the host
The following are the possible ways for the host to influence the VMs:
- The host can start, shut down, pause and restart the VMs.
- The host is able to monitor and modify the resources available to the virtual machines.
- The host, if given enough rights, can monitor the applications running inside the VMs.
- The host can view, copy, and likely modify the data stored in the virtual disks assigned to the VMs.

VM monitoring from the host (cont. 1)
- If a host is compromised, then the security of the VMs is in question.
- In basically all virtualization technologies, the host machines are given some sort of basic rights to control certain actions, such as resource allocation for the VMs running on top.
- Care should be taken when configuring the VM environment so that enough isolation is provided.

Denial of Service
- It is possible for a guest to impose a denial of service attack on other guests residing in the same system.
- A denial of service attack in a virtual environment can be described as an attack in which one guest machine takes all the possible resources of the system.
- The system then denies service to other guests that are requesting resources, because there are no resources available for them.

Denial of Service (cont. 1)
- The best approach to prevent a guest from consuming all the resources is to limit the resources allocated to the guests.
- Current virtualization technologies offer a mechanism to limit the resources allocated to each guest machine in the environment.
- Therefore the underlying virtualization technology should be properly configured, which can then prevent one guest from consuming all the available resources, thereby preventing the denial of service attack.
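As an added illustration (not part of the original slides), this audit reports which resources a guest could exhaust because no cap is configured. It assumes libvirt domain XML as the virtualization technology's configuration format; the sample definition and the function name `missing_limits` are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain: CPU weight only, one unthrottled disk, NIC capped one way.
SAMPLE_DOMAIN = """
<domain type='kvm'>
  <name>guest-b</name>
  <memory unit='KiB'>4194304</memory>
  <vcpu>8</vcpu>
  <cputune><shares>1024</shares></cputune>
  <devices>
    <disk type='file' device='disk'>
      <target dev='vda' bus='virtio'/>
      <iotune><total_iops_sec>500</total_iops_sec></iotune>
    </disk>
    <disk type='file' device='disk'><target dev='vdb' bus='virtio'/></disk>
    <interface type='network'>
      <target dev='vnet0'/>
      <bandwidth><inbound average='1000'/></bandwidth>
    </interface>
  </devices>
</domain>
"""

def missing_limits(domain_xml, host_cpus):
    """List the resources this guest could exhaust because no cap is configured."""
    root = ET.fromstring(domain_xml)
    gaps = []
    vcpus = int(root.findtext("vcpu", "0"))
    if vcpus > host_cpus:
        gaps.append(f"vcpu: {vcpus} vCPUs exceed {host_cpus} host CPUs")
    # <shares> is only a relative weight; a hard ceiling needs a positive <quota>.
    quota = root.findtext("cputune/quota")
    if quota is None or int(quota) <= 0:
        gaps.append("cpu: no positive <quota> in <cputune>")
    for disk in root.findall("devices/disk"):
        dev = disk.find("target").get("dev")
        iotune = disk.find("iotune")
        if iotune is None or not any(
                (e.text or "").strip().isdigit() and int(e.text) > 0 for e in iotune):
            gaps.append(f"disk {dev}: no <iotune> throttle")
    for nic in root.findall("devices/interface"):
        tgt = nic.find("target")
        dev = tgt.get("dev") if tgt is not None else "?"
        bw = nic.find("bandwidth")
        for direction in ("inbound", "outbound"):
            if bw is None or bw.find(direction) is None:
                gaps.append(f"nic {dev}: no {direction} bandwidth cap")
    return gaps
```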

External Modification of a VM
- There are some sensitive applications that rely on the infrastructure of the VM environment.
- These applications, running inside a virtual machine, require the virtual machine to be a trusted environment in which to execute.
- If a VM is modified for some reason, the applications may still be able to run on the VM, but the trust is broken.

External Modification of a VM (cont. 1)
The best solution for this problem is to digitally sign the VM and validate the signature prior to the execution of these sensitive applications.
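As an added illustration (not part of the original slides), the gate below refuses to launch a VM whose files no longer match an authenticated manifest. To stay within the Python standard library it uses an HMAC-SHA256 tag as a stand-in for the digital signature the slide calls for; with a real public-key signature the verifying host would hold only the public key. All names, the key and the sample image are constructed for this example.

```python
import hashlib, hmac, json, os, tempfile

def file_sha256(path, chunk=1 << 20):
    """Hash a (possibly large) image file in fixed-size chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def seal(paths, key):
    """Build a manifest of image digests and authenticate it with a keyed tag."""
    body = json.dumps({os.path.basename(p): file_sha256(p) for p in paths},
                      sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify_before_launch(paths, manifest, key):
    """Return (ok, reason); the caller starts the VM only when ok is True."""
    expected = hmac.new(key, manifest["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return False, "manifest tag invalid"
    digests = json.loads(manifest["body"])
    for p in paths:
        name = os.path.basename(p)
        if name not in digests:
            return False, f"{name}: not in manifest"
        if not hmac.compare_digest(digests[name], file_sha256(p)):
            return False, f"{name}: digest mismatch"
    return True, "ok"

def demo():
    """Seal a constructed image, then check it clean, modified, and with a forged tag."""
    key = b"constructed-demo-key"
    with tempfile.TemporaryDirectory() as d:
        disk = os.path.join(d, "guest.img")
        with open(disk, "wb") as f:
            f.write(b"\x00" * 4096)
        manifest = seal([disk], key)
        clean = verify_before_launch([disk], manifest, key)
        with open(disk, "r+b") as f:  # simulate an external modification
            f.seek(100)
            f.write(b"\x90")
        tampered = verify_before_launch([disk], manifest, key)
        forged = verify_before_launch([disk], dict(manifest, tag="0" * 64), key)
        return clean, tampered, forged
```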

External modification of the hypervisor
- The hypervisor is responsible for providing isolation between the guest machines.
- The VMs are said to be completely isolated only if the underlying hypervisor behaves well.
- A badly behaved hypervisor will break the security model of the system.
- The recommended solution is to protect the hypervisor from unauthorized modifications or to enable the guest machines to validate the hypervisor.

Other Security Vulnerabilities
- Guest-to-guest attack
- VM monitoring from another VM

Conclusion
Virtualization brings very little added security to the environment. Virtual machines represent a logical instance of an underlying system, so many of the traditional computer threats apply equally to virtual machines.

Conclusion (cont. 1)
- The key to creating a good virtualization environment is to study carefully the environment that is to be virtualized and the needs and goals of the organization, taking into consideration all the possible security issues that put the virtual machines at risk.
- Finally, carefully design the virtual environment with the help of the correct virtualization technology that matches the goals.

Conclusion (cont. 2)
- The majority of the security issues presented here concern the security of the host and the hypervisor.
- If the host or the hypervisor is compromised, then the whole security model is broken.