Virtual machine security
Download as PPTX, PDF3 likes17,875 views
The document discusses virtual machine (VM) security, emphasizing the isolation it provides against attackers who compromise a single process. It explains the architecture of virtual machines, the types (Type 1 and Type 2), and the associated security mechanisms and vulnerabilities, highlighting the importance of the trusted computing base. Benefits of utilizing VMs include improved resource utilization, security through isolation, robustness against faults, and better encapsulation for services.
![Type 1 and Type 2 VM
Type 1 architecture
A Type I VMM runs directly
on the physical hardware. It
does not have an operating
system running below it; the
Type I VMM is fully
responsible for scheduling
and allocating of the
system’s resources
between virtual machines
Type 2 architecture
A Type II VMM runs as an application in
a normal operating system. This
operating system controls the real
hardware resources, and is typically
referred to as the ”Host OS.” The host
OS has no knowledge of the Type II
VMM, which is treated like any other
process in the system. The operating
system that runs inside of the Type II
VMM is referred to as the ”Guest OS.”
Examples of Type-II VMM include
VMWare GSX (workstation) [SVL01],
UML (User-Mode Linux) [Dik00], and
FAUmachine [HWS04].](https://image.slidesharecdn.com/virtualmachinesecurity-140103113555-phpapp01/85/Virtual-machine-security-13-320.jpg)
![ d) Virtual Layer Vulnerabilities: Here the author Michael Price
[4] discusses about the layered architecture of a virtual
environment and how it play a major role in security issues.
The fact that lower level layers can have control over the
upper level layers if there is any malicious code or worm
infected in the upper layer of the VM environment then those
can be easily removed from the lower layers. But it becomes
difficult to remove the malicious code if it infects the lower
layer of the VM environment.](https://image.slidesharecdn.com/virtualmachinesecurity-140103113555-phpapp01/85/Virtual-machine-security-21-320.jpg)
![con
E) Encapsulation: According to author Michael Price
[4], security aspects is improved when we use the concept of
encapsulation. He also believes that fact that the services
running in virtual machines are easy to encapsulate and
replicate. So the author says if we can build a risk free robust
application or service it can be replicated and distributed. In
that way even if there is any bug or attack on one application
the other applications can still run.](https://image.slidesharecdn.com/virtualmachinesecurity-140103113555-phpapp01/85/Virtual-machine-security-28-320.jpg)
![ f) Intrusion protection: Here the author Michael Price [4]
brings the concept of clones. He talks about Signature based
intrusion detection. Here the state of a system is determined
by monitoring the system activity. Here he suggests that
instead of looking for the patterns on the original machines,
clones can be created and the events can be monitored [4].
Clones can be run in standby mode and then can be
synchronized with the real machine and then the pattern of
the clone activity can be monitored [4, 15].In this manner one
need not compromise the real system](https://image.slidesharecdn.com/virtualmachinesecurity-140103113555-phpapp01/85/Virtual-machine-security-29-320.jpg)
Virtual machine security
- 1. Virtual machine Security Jacob Zvirikuzhe
- 2. background Current operating systems provide the process abstraction to achieve resource sharing and isolation. From a security perspective, however, an attacker who has compromised one process can usually gain control of the entire machine. This makes security systems running on the same computer, such as anti-virus programs or intrusion detection systems, also vulnerable to attack. In response to the imperfect isolation between processes in modern operating systems, security researchers have begun to use virtual machine technology when designing security systems
- 3. By the end of this presentation you should be able to: 1. Define a virtual machine and explain its architecture 2. Outline the types of the virtual machine environment 3. Explain virtual machine security mechanism 4. Evaluate the benefits and risks of using a VM
- 4. Def A virtual machine(VM) is a logical process (most often an operating system) that interfaces with emulated hardware and is managed by an underlying control program.
- 5. The architecture z Guest OS Guest OS Virtual Machine Monitor hardware
- 6. cont Most modern virtual machine systems use the virtual machine monitor (VMM) model for managing and controlling individual virtual machines. The VMM is a thin software layer that runs directly on a physical machine’s hardware
- 7. con On top of the virtual machine monitor, there can be one or more virtual machines The VMM provides each virtual machine with a set of virtual interfaces that resemble direct interfaces to the underlying hardware. Applications on a virtual machine can run without modification as if they were on running on a dedicated physical machine
- 8. con The VMM allows multiple virtual machines to be running at the same time and transparently multiplexes resources between them
- 9. con The VMM also isolates the virtual machines from one another, preventing them from accessing each other’s memory or disk space. The operating system that runs inside of a virtual machine is traditionally referred to as the guest OS, and applications running on the guest OS are referred to as guest applications.
- 12. Types of VM Environments
- 13. Type 1 and Type 2 VM Type 1 architecture A Type I VMM runs directly on the physical hardware. It does not have an operating system running below it; the Type I VMM is fully responsible for scheduling and allocating of the system’s resources between virtual machines Type 2 architecture A Type II VMM runs as an application in a normal operating system. This operating system controls the real hardware resources, and is typically referred to as the ”Host OS.” The host OS has no knowledge of the Type II VMM, which is treated like any other process in the system. The operating system that runs inside of the Type II VMM is referred to as the ”Guest OS.” Examples of Type-II VMM include VMWare GSX (workstation) [SVL01], UML (User-Mode Linux) [Dik00], and FAUmachine [HWS04].
- 14. Con Type 1 con Type 2 Type II VMM is running inside of a standard operating system, any security vulnerabilities that lead to the compromise of the host OS will also give full control of the guest OS.
- 15. Virtual Environment Security Mechanisms The security of VM-based services rests on the assumption that the underlying trusted computing base (TCB) is also secure. If the TCB is compromised, then all bets are for the VM-based
- 16. Security of Virtual Machines In a Type I virtual machine, the trusted computing base is the virtual machine monitor. Some services also need to include the dedicated secure VM as part of TCB. The TCB is considered to be secure because “It is so simple that its implementation can be reasonably expected to be correct” Virtual machine monitors are only responsible for virtualizing the physical machine’s hardware and partitioning it into logically separate virtual machines
- 17. con Compared to a full operating system, which may have several million lines of code, VMMs have around 30,000 lines of code. Also, the secure VM typically has a reduced mini-OS without any unneeded services or components. In addition to having a small code base, the interfaces to VMM and the dedicated security VM are much simpler, more constrained, and better specified than a standard operating system. This helps reduce the risk of security vulnerabilities.
- 18. con a) Mandatory access control: MAC component runs in a separate VM and administrator can modify the security policy
- 19. con b) Para-virtualization:. the interface executed by the guest OS consist of three components: “memory management, CPU, and device I/O” and the guest OS is responsible for managing these resources.
- 20. con c) Policy considerations it is better to have proper guidelines and security policies which can be implemented dynamically in accordance with the change in the virtual environment.
- 21. d) Virtual Layer Vulnerabilities: Here the author Michael Price [4] discusses about the layered architecture of a virtual environment and how it play a major role in security issues. The fact that lower level layers can have control over the upper level layers if there is any malicious code or worm infected in the upper layer of the VM environment then those can be easily removed from the lower layers. But it becomes difficult to remove the malicious code if it infects the lower layer of the VM environment.
- 22. Benefits
- 23. a) Resource Utilization: VMM are going to be used by many users at same time. Therefore resource utilization mechanism should be strong.
- 24. con virtual box is a better solution when the students need to run multiple virtual machines concurrently on their personal computers in a decentralized fashion.
- 25. con b) Security: An important feature of virtualization is isolation. That is software running in one VM will not interact with another VM running is the same machine This gives a lot of security benefits.
- 26. con c) Robustness: Virtualization makes the system more robust .They become more fault tolerant. If there is any problem one VM the other VM is not at all affected. More than that if an attacker gains access to one VM then he should not be able to access the other VMs associated with the machine. Also Hardware failures can be tolerated using this mechanism of isolation
- 27. con d) Decomposition: Here once again the isolation mechanism plays an important role. Isolation can be used to decompose a system. An example, Each server may be running in different VMs on same physical machine. Decomposition has been an important step in the virtualization.
- 28. con E) Encapsulation: According to author Michael Price [4], security aspects is improved when we use the concept of encapsulation. He also believes that fact that the services running in virtual machines are easy to encapsulate and replicate. So the author says if we can build a risk free robust application or service it can be replicated and distributed. In that way even if there is any bug or attack on one application the other applications can still run.
- 29. f) Intrusion protection: Here the author Michael Price [4] brings the concept of clones. He talks about Signature based intrusion detection. Here the state of a system is determined by monitoring the system activity. Here he suggests that instead of looking for the patterns on the original machines, clones can be created and the events can be monitored [4]. Clones can be run in standby mode and then can be synchronized with the real machine and then the pattern of the clone activity can be monitored [4, 15].In this manner one need not compromise the real system
- 30. Security Risks in Virtualization
- 31. con a) Scaling: it is easy to replicate a VM or creating a copy is very easy.. a single fatal event or a single system attacked with worm or malicious code can be replicated which can cause destruction to the virtual environment.
- 32. con b) Transience: in a virtual environment large number of mobile machines comes and goes very frequently. Network with traditional machines were much more stable as it was easy to analyze the configuration of the existing network.
- 33. con d) Diversity: in a virtual environment it is difficult to enforce homogeneity in the network. Some of the VM will be running with new updated patches, but some will be still running with the older version of OS. If one has to migrate their machine from one version to another, being a very diverse environment it would be difficult to migrate all the system from older version to newer version
- 34. con e) Mobility: it is easy to copy VMs and it can give rise to security threats.