Security of OS-Level Virtualization Technologies

The need for flexible, low-overhead virtualization is evident on many fronts, ranging from high-density cloud servers to mobile devices. During the past decade, OS-level virtualization has emerged as a new, efficient approach for virtualization, with implementations in multiple different Unix-based systems. Despite its popularity, there has been no systematic study of OS-level virtualization from the point of view of security. In this paper, we conduct a comparative study of several OS-level virtualization systems, discuss their security, and identify some gaps in current solutions.
