Virtual machine Security Jacob Zvirikuzhe

Virtual machine security is part of computer security; the major security measures to take when dealing with virtual networks are elaborated.

Background

Current operating systems provide the process abstraction to achieve resource sharing and isolation. From a security perspective, however, an attacker who has compromised one process can usually gain control of the entire machine. This makes security systems running on the same computer, such as anti-virus programs or intrusion detection systems, also vulnerable to attack. In response to the imperfect isolation between processes in modern operating systems, security researchers have begun to use virtual machine technology when designing security systems.

By the end of this presentation you should be able to:

1. Define a virtual machine and explain its architecture

2. Outline the types of virtual machine environment

3. Explain virtual machine security mechanisms

4. Evaluate the benefits and risks of using a VM

Definition

A virtual machine (VM) is a logical process (most often an operating system) that interfaces with emulated hardware and is managed by an underlying control program.

The architecture

[Figure: layered architecture diagram with hardware, Virtual Machine Monitor, and two Guest OS boxes]

Most modern virtual machine systems use the virtual machine monitor (VMM) model for managing and controlling individual virtual machines. The VMM is a thin software layer that runs directly on a physical machine's hardware.

On top of the virtual machine monitor, there can be one or more virtual machines. The VMM provides each virtual machine with a set of virtual interfaces that resemble direct interfaces to the underlying hardware. Applications on a virtual machine can run without modification as if they were running on a dedicated physical machine.

The VMM allows multiple virtual machines to run at the same time and transparently multiplexes resources between them.

The VMM also isolates the virtual machines from one another, preventing them from accessing each other's memory or disk space. The operating system that runs inside of a virtual machine is traditionally referred to as the guest OS, and applications running on the guest OS are referred to as guest applications.

Types of VM Environments

Type 1 and Type 2 VM

[Figure: Type 1 architecture and Type 2 architecture]

A Type I VMM runs directly on the physical hardware. It does not have an operating system running below it; the Type I VMM is fully responsible for scheduling and allocating the system's resources between virtual machines.

A Type II VMM runs as an application in a normal operating system. This operating system controls the real hardware resources, and is typically referred to as the "Host OS." The host OS has no knowledge of the Type II VMM, which is treated like any other process in the system. The operating system that runs inside of the Type II VMM is referred to as the "Guest OS." Examples of Type II VMMs include VMware GSX (workstation) [SVL01], UML (User-Mode Linux) [Dik00], and FAUmachine [HWS04].

Because a Type II VMM runs inside of a standard operating system, any security vulnerabilities that lead to the compromise of the host OS will also give full control of the guest OS.

Virtual Environment Security Mechanisms

The security of VM-based services rests on the assumption that the underlying trusted computing base (TCB) is also secure. If the TCB is compromised, then all bets are for the VM-based

Security of Virtual Machines

In a Type I virtual machine, the trusted computing base is the virtual machine monitor. Some services also need to include the dedicated secure VM as part of the TCB. The TCB is considered to be secure because "It is so simple that its implementation can be reasonably expected to be correct." Virtual machine monitors are only responsible for virtualizing the physical machine's hardware and partitioning it into logically separate virtual machines.

Compared to a full operating system, which may have several million lines of code, VMMs have around 30,000 lines of code. Also, the secure VM typically has a reduced mini-OS without any unneeded services or components.

In addition to having a small code base, the interfaces to VMM and the dedicated security VM are much simpler, more constrained, and better specified than a standard operating system. This helps reduce the risk of security vulnerabilities.

a) Mandatory access control: The MAC component runs in a separate VM and the administrator can modify the security policy.

b) Para-virtualization: The interface executed by the guest OS consists of three components: "memory management, CPU, and device I/O", and the guest OS is responsible for managing these resources.

c) Policy considerations: It is better to have proper guidelines and security policies which can be implemented dynamically in accordance with changes in the virtual environment.

d) Virtual Layer Vulnerabilities: Here the author Michael Price [4] discusses the layered architecture of a virtual environment and how it plays a major role in security issues.

Because lower-level layers can have control over the upper-level layers, if malicious code or a worm infects the upper layer of the VM environment, it can easily be removed from the lower layers. But it becomes difficult to remove the malicious code if it infects the lower layer of the VM environment.

Benefits

a) Resource Utilization: VMMs are going to be used by many users at the same time. Therefore the resource utilization mechanism should be strong.

VirtualBox is a better solution when the students need to run multiple virtual machines concurrently on their personal computers in a decentralized fashion.

b) Security: An important feature of virtualization is isolation. That is, software running in one VM will not interact with another VM running on the same machine. This gives a lot of security benefits.

c) Robustness: Virtualization makes the system more robust. Systems become more fault tolerant. If there is a problem in one VM, the other VMs are not affected at all. Moreover, if an attacker gains access to one VM, he should not be able to access the other VMs associated with the machine. Hardware failures can also be tolerated using this mechanism of isolation.

d) Decomposition: Here once again the isolation mechanism plays an important role. Isolation can be used to decompose a system. For example, each server may run in a different VM on the same physical machine. Decomposition has been an important step in virtualization.

e) Encapsulation: According to author Michael Price [4], security is improved when we use the concept of encapsulation. He also believes that the services running in virtual machines are easy to encapsulate and replicate. So the author says that if we can build a risk-free, robust application or service, it can be replicated and distributed. In that way, even if there is a bug in or an attack on one application, the other applications can still run.

f) Intrusion protection: Here the author Michael Price [4] brings in the concept of clones. He talks about signature-based intrusion detection, in which the state of a system is determined by monitoring the system activity. He suggests that instead of looking for the patterns on the original machines, clones can be created and the events can be monitored [4]. Clones can be run in standby mode and synchronized with the real machine, and then the pattern of the clone activity can be monitored [4, 15]. In this manner one need not compromise the real system.

Security Risks in Virtualization

a) Scaling: It is easy to replicate a VM; creating a copy is very easy. A single fatal event, or a single system attacked with a worm or malicious code, can be replicated, which can cause destruction to the virtual environment.

b) Transience: In a virtual environment, a large number of mobile machines come and go very frequently. Networks with traditional machines were much more stable, as it was easy to analyze the configuration of the existing network.

d) Diversity: In a virtual environment it is difficult to enforce homogeneity in the network. Some of the VMs will be running with new, updated patches, but some will still be running an older version of the OS.

If one has to migrate machines from one version to another, it would be difficult, in such a diverse environment, to migrate all the systems from the older version to the newer version.
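
The transience and diversity risks above can be checked against periodic inventory scans of the virtual environment. The following is an added example, not part of the original presentation; the VM names, patch levels and scan dates are constructed, and the `audit` function and its finding labels are hypothetical.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (not from the presentation): rows of
# (scan date, VM name, OS patch level) as a periodic inventory scan of a
# virtual environment might record them. All names are hypothetical.
SCANS = [
    (date(2024, 3, 1), "web-01", 14), (date(2024, 3, 8), "web-01", 15),
    (date(2024, 3, 15), "web-01", 16),
    (date(2024, 3, 1), "db-01", 14), (date(2024, 3, 8), "db-01", 14),
    (date(2024, 3, 15), "db-01", 14),
    (date(2024, 3, 1), "lab-07", 14), (date(2024, 3, 15), "lab-07", 14),
    (date(2024, 3, 15), "lab-07-copy", 14),
]

def audit(scans, baseline):
    """Return {vm: sorted findings} for VMs that need attention."""
    scan_dates = sorted({day for day, _, _ in scans})
    seen = defaultdict(dict)               # vm -> {scan date: patch level}
    for day, vm, level in scans:
        seen[vm][day] = level
    findings = {}
    for vm, history in seen.items():
        first_seen, last_seen = min(history), max(history)
        flags = set()
        # Diversity: the VM still runs a patch level older than the baseline.
        if history[last_seen] < baseline:
            flags.add("outdated")
        # Transience: the VM was missing from a scan taken between two
        # sightings, so it was offline and could not have been patched then.
        if any(first_seen < d < last_seen and d not in history
               for d in scan_dates):
            flags.add("intermittent")
        # Scaling/mobility: the VM first appeared after the initial scan,
        # for example as a copy of an existing machine.
        if first_seen > scan_dates[0]:
            flags.add("new")
        if flags:
            findings[vm] = sorted(flags)
    return findings

if __name__ == "__main__":
    for vm, flags in sorted(audit(SCANS, baseline=16).items()):
        print(f"{vm}: {', '.join(flags)}")
```
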

e) Mobility: It is easy to copy VMs, and this can give rise to security threats.