On state of the art in virtual machine security

Data centers and computing service providers are striving to improve the utilization of their computing resources, primarily because those resources need to be more economical and power efficient. Virtualization is one of the concepts that provides the flexibility to host multiple operating system stacks on a single hardware platform. By effectively partitioning the computing resources, it reduces the total number of physical servers and consolidates several services on a single physical rack. Each virtual machine behaves like an independent machine (and may be a duplicate of the original one), while the scheduling of hardware resources among the different virtual machines is performed with the help of a Virtual Machine Monitor (VMM). The proliferation of virtual machines in the enterprise architecture creates a need to identify potential security risks, as well as appropriate solutions for the identified risks, to ensure the integrity of the underlying applications hosted on the virtual machines. This paper describes available virtualization technologies, corresponding security vulnerabilities, and available solutions.
