1 / 22

Virtual Machine Security Systems

Virtual Machine Security Systems. Xin Zhao, Kevin Borders, Atul Prakash. Presented by Long Song 08/01/2013. Introduction. A virtual machine (VM) is a software based computer separate from the physical computer running in the machine, often called the host.

dane
Télécharger la présentation

Virtual Machine Security Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Virtual Machine Security Systems Xin Zhao, Kevin Borders, Atul Prakash Presented by Long Song 08/01/2013

  2. Introduction • A virtual machine (VM) is a software based computer separate from the physical computer running in the machine, often called the host. • A virtual machine (VM) is a logical process (most often an operating system) that interfaces with emulated hardware and is managed by an underlying control program. • The Virtual Machine runs programs in a Bytecode Interpreter.

  3. Overview of Virtual Machine Technology • Virtual machines have been in existence since the mid 1970’s. • Originally, virtual machines were run on mainframes to provide resource multiplexing and isolation. • Most modern virtual machine systems use the virtual machine monitor (VMM) model for managing and controlling individual virtual machines.

  4. Virtual Machine Types • Type I Lowest layer of software is VMM E.g., Xen, VAX VMM, etc. • Type II Runs on a host operating system E.g., VMWare, JVM, etc.

  5. Security Benefits • Abstraction • Isolation • State Restore • Transience • External Monitoring

  6. Abstraction • VMs abstract the hardware layer and each VM is allocated its own strictly bounded resources. This layer of abstraction provides additional security. When an attacker gains access to the hardware layer, they have full control over the computer. OSs restrict hardware access by abstracting the hardware details, which is why you can run the same OS on two machines with different hardware configurations. In other words, the OS interfaces directly with the hardware so that programmers and hackers cannot. VMs create a complete hardware and OS abstraction. A program run locally on a physical machine knows what OS it is running on.

  7. Abstraction of Physical Resources

  8. Isolation • The hypervisors segment physical resources into isolated entities and allow each guest OS to run independently. An attack on the VM should not affect any of the other VMs on the server or the host OS. This is unlike a multi-user OS, where all users can be affected by an attack.

  9. State Restore • VMs are touted for their ability to restore to a previous state. The contents of the virtual disk for each VM are usually stored as a file on the host. • Besides being a convenience, state restore helps to ensure data integrity and provides perfect virus removal.

  10. Transience • One often-overlooked security feature of VMs is their ability to be started remotely, which allows them to be turned on and made available only when needed.

  11. External Monitoring • Since VMs run on a subset of hardware resources, it is possible to observe VM resource usage and detect malicious software from outside the VM. Physical installations of OSs usually rely on installed virus protection.

  12. Security Maintenance • VM Sprawl • Unique Configurations • State Restore • Transience

  13. Security Vulnerabilities • Mobility • Hypervisor Intrusion • Hypervisor Modification • Communication • Denial of Service

  14. Mobility • Virtual machines are inherently not physical, which means their theft can take place without physical theft of the host machine. The contents of the virtual disk for each VM are stored as a file by most hypervisors, which allows VMs to be copied and run from other physical machines.

  15. Hypervisor Intrusion • The hypervisor provides the abstraction and resource allocation between the host and guests. • The hypervisor is a program, running on the host, so if it is compromised, all VMs it controls and the host itself are accessible to the attacker.

  16. Hypervisor Modification • It does not matter how secure the original hypervisor is if it can be externally modified to use the attacker’s software. One attack of this form is known as Virtual Machine Based Root Kits (VMBR).

  17. Communication • VM Communication can be used for “guest-to-guest” attacks, in which attackers use one VM to access or control other VMs on the same hypervisor. These attacks can happen with or without compromising the hypervisor layer. • A malicious VM can potentially access other VMs through shared memory, network connections, and other shared resources.

  18. VM Communication Attack on VM2 and VM3

  19. Denial of Service • DoS attacks are a threat to all servers, however an improperly configured hypervisor can allow a single VM to consume all resources, thus starving any other VM running on the same physical machine.

  20. Reference • http://www.cs.wustl.edu/~jain/cse571-09/ftp/vmsec.pdf • http://courses.cs.vt.edu/~cs5204/fall07-kafura/Papers/Virtualization/VMM-Security.pdf • http://www.cse.psu.edu/~tjaeger/cse497b-s07/slides/cse497b-lecture-26-virtualmachine.pdf • http://en.wikipedia.org/wiki/Virtual_machine • X. Jiang and D. Xu. Collapsar: A vm-based architecture for network attack detention center. In USENIX Security Symposium, pages 15–28. 2004.

  21. Thank You

More Related