Security Implications of Virtualization: A Literature Study

Server virtualization is a key technology for today's data centers, allowing dedicated hardware to be turned into resources that can be used on demand. However, in spite of its important role, the overall security impact of virtualization is not well understood. To remedy this situation, we have performed a systematic literature review on the security effects of virtualization. Our study shows that, given adequate management, the core virtualization technology has a clear positive effect on availability, but that the effect on confidentiality and integrity is less positive. Virtualized systems tend to lose the properties of location-boundedness, uniqueness and monotonicity. In order to ensure corporate and private data security, we propose to either remove or tightly manage non-essential features such as introspection, rollback and transfer.
