Virtual Machine Security

Virtual Machine Security

ABSTRACT

In today's commercial world, virtualization plays a major role. One need not waste resources or dedicate different hardware for different services. With VM it is possible to run multiple operating systems on a single physical machine. Virtualization by virtue has certain security benefits over traditional machines. Also at the same time, its dynamic properties make it vulnerable to security attacks. This paper is going to talk about the basic, layered architecture of virtual environment and discuss about various security benefits of virtualization. This paper will also throw light on various vulnerability issues of virtualization and finally about various steps to be taken and various available commercial tools to secure the virtual environment.

INTRODUCTION

A virtual machine is nothing but an application which creates an environment where a virtual hardware is provided for the operating system to run. Such an environment is called virtualization or VM environment. Virtual machines are very useful for deploying multiple operating systems on a single machine. Such virtual machine which allocates the resource of the host to the virtual OS is called [1] hypervisors or virtual machine monitors (VMM). With VMM it is possible to execute multiple processes on one computer where each of these processes runs in different operating system. This allows multiple applications run on different operating systems. With virtualization the host computer and the software application running on it are isolated so this software is compatible with a number of platforms.

VMM provides the same interface as the existing hardware. According to the authors [2] this interface can be used by the users with their current operating systems, applications and management tools. The virtual equivalents replace the real hardware, desktops and servers. With virtual machines it is easy for the users to do various manipulations like copy, save (checkpoint), read and modify, share, migrate and roll back the execution state of machines.

According to Steven J [1] the host machine's resource s are allocated by the hypervisor, or the VMM, separately for each operating system or for process running on a virtualized OS. Once this is done the hypervisor emulates a hardware device for each virtual operating system and handles each OS's communications with the CPU, the storage medium, and the network. [3] Most virtual machines use virtualized network connections to speak with one another [1].

On one hand virtualization gives tremendous flexibility to the users and on the other hand undermines the security mechanism of existing systems. Some of the useful mechanism like rollback can prove harmful to existing security systems. [4]

This paper will go through concepts and benefits of virtualization and then knowing all the benefits provided by virtualization the paper will discuss about various advantage and disadvantage on virtual machine security and also will explore how virtual environments has evolved to meet these challenges.

Types of VM Environments

The entire purpose of knowing the VM environment and its layer diagram is to discuss both the advantages and disadvantages of virtual machine security.

According to the Michael Price [4] there are two basic types of virtual machine environment, type-I and type-II environment. Both Type-I and Type-II environment is shown below in 1a and 1b taken from Michael Price [4].

Type-I environment is mostly suitable for Unix-style server or workstation environments. They are the software system which controls the hardware and monitors the guest operating systems by running directly on the host's hardware [4].

Type-II [4] environment runs within the host Operating system itself. This is kind of very popular in the industry because it is easy for the VM to use the host for its driver and bootstrap code [4, 11].

With all these features, this technology has become very powerful and is now come into use in various fields [4]. Being widely used it has now also become the interest of attack for the hackers. According to the author Michael Price [4] Modern virtualization has become a major tool in the industry and is now primarily a solution for security, reliability, and administration.

As virtualization becomes more pervasive the vulnerabilities and the attack on it increases [2]. According to author virtualization need a new concept of security different from the traditional security mechanism to combat the threats. Also there are some mechanisms available that are tested by the researchers and have been implemented.

Virtual Environment Security Mechanisms

[4] According to the author Michael Price the VM provides a separate layer of control where mechanisms like intrusion detection and encapsulation can be implemented. With reference to the presented by the author [4] some of the approaches he discusses are Mandatory access control, policy considerations, and Para-virtualization.

a) Mandatory access control: Here the author Michael Price [4] talks about implementation of security policies in a VM environment using mandatory access control (MAC). He says that the MAC component runs in a separate VM and administrator can modify the security policy in accordance to the [4, 19] reference monitor.

After defining the security policies it is applied to the users [4, 19]. Then the author Michael Price gives an example of sHype an IBM's VMM and talks about various computing methods used by sHype to “protects itself” [4, 19].

b) Para-virtualization: Here the author Michael Price [4] says that concept of para-virtualization gives an upper hand over the traditional virtualization by reducing the overhead for the VMM. He [4] says about the concept of VM abstraction where most of the VM interface is executed by the guest OS. He [4, 20] takes an example of Xen hypervisor and talks how this concept has been implemented.

According [20] the author Michael Price [4] believes that the interface executed by the guest OS consist of three components: “memory management, CPU, and device I/O” [4] and the guest OS is responsible for managing these resource s.

c) Policy considerations: According to the author Michael Price [4] it is better to have proper guidelines and security policies which can be implemented dynamically in accordance with the change in the virtual environment. He [4] believes that such an implementation can reduce security threats. So he believes that there should be another administrative layer which can monitor the changes in the virtual environment and modify the security policies [4].

d) Virtual Layer Vulnerabilities: Here the author Michael Price [4] discusses about the layered architecture of a virtual environment and how it play a major role in security issues.

[4, 21] The fact that lower level layers can have control over the upper level layers if there is any malicious code or worm infected in the upper layer of the VM environment then those can be easily removed from the lower layers. But [4, 21] it becomes difficult to remove the malicious code if it infects the lower layer of the VM environment.

Security Benefits of Virtualization

In a virtual environment multiple virtual machines are controlled by VMM through a software abstraction of the underlying hardware. There are many advantages of virtualization over the traditional desktop and traditional servers. That is why it is been widely used now. The next big talk is virtualization forms the basis of cloud computing.

According to Chris Matthews and Yvonne Coady [9] some of the advantages and benefits of virtualization like resource utilization, robustness and decomposition are discussed below.

a) Resource Utilization: VMM are going to be used by many users at same time. Therefore resource utilization mechanism should be strong. [10] Another important mechanism is the sharing of hardware resources in a securely multiplexed manner.

To explain this authors in [9] gives an example where a there is a machine on which virtualization has to be implemented and the machine consist of four processors. If in a case where a database running in a VM uses two of the processors then one can parallel run a second instance of that VM and utilize the other two processors.

Due these many advantages traditional technology is getting virtualized. One such field is education. Author Peng Li [8] had discussed about using virtualization technology for education purpose. He compares virtual box and VMware and for educational courses. He comes to a conclusion that virtual box is a better solution when the students need to run multiple virtual machines concurrently on their personal computers in a decentralized fashion. But at the same time virtual box utilizes more resource s and only students with higher end machines can use it. But when things have to be done in a centralized fashion VMware is a better solution [8].

b) Security: An [9] important feature of virtualization is isolation. That is software running in one VM will not interact with another VM running is the same machine [9, 12]. This gives a lot of security benefits. According to the authors Chris Matthews, Yvonne Coady with virtualization one can have privacy between VMs and the attack are only on the shared and exposed resources used by both the VMs [9]. Such properties like isolation makes Virtual machines act as testing and assertion models [9, 13].

c) Robustness: Virtualization makes the system more robust [9]. They become more fault tolerant. If there is any problem one VM the other VM is not at all affected. More than that if an attacker gains access to one VM then he should not be able to access the other VMs associated with the machine. Also Hardware failures can be tolerated using this mechanism of isolation [9, 14].

d) Decomposition: Here once again the isolation mechanism plays an important role. Isolation can be used to decompose a system. An example given by the authors Chris Matthews, Yvonne Coady [9] is a web-server and an email-server existing in the same physical machine. Each server may be running in different VMs on same physical machine. Decomposition has been an important step in the virtualization.

Decomposition has leaded to solve many incompatibility issues and security issues [9]. Also the authors says that two separate services can now be used with single physical machine without being worried about their privacy and since each server is running on a different platform it allows coarse-granularity of reasoning along the lines of separation of concerns [9].

According to Edward Ray, Eugene Schultz [7] virtualization offers information security.

If an attacker tries to access any information using any malware, the property of isolation can be used to keep the user applications and data secure and protected from the malicious software. Also he says that if any attacker is successful in infecting an application in one VM, the effect would not be seen in any other application or data in other VMs [7].

e) Encapsulation: According to author Michael Price [4], security aspects is improved when we use the concept of encapsulation. He also believes that fact that the services running in virtual machines are easy to encapsulate and replicate. So the author says if we can build a risk free robust application or service it can be replicated and distributed [4]. In that way even if there is any bug or attack on one application the other applications can still run.

f) Intrusion protection: Here the author Michael Price [4] brings the concept of clones. He talks about Signature based intrusion detection. Here the state of a system is determined by monitoring the system activity. Here he suggests that instead of looking for the patterns on the original machines, clones can be created and the events can be monitored [4]. Clones can be run in standby mode and then can be synchronized with the real machine and then the pattern of the clone activity can be monitored [4, 15].In this manner one need not compromise the real system

Security Risks in Virtualization

Here the paper discusses various disadvantages and vulnerabilities due to virtualization. Even some of the features which were discussed as an advantage may also prove to be fatal.

Discussed below are various risks due to virtualization, like [2] scaling, transience, software lifecycle, diversity, [4] virtual layer vulnerabilities, [1] operating system vulnerabilities, etc.

a) Scaling: Here the authors Tal Garfinkel, Mendel Rosenblum [2] says that it is easy to replicate a VM or creating a copy is very easy. So they say that it would be difficult and taxing if there is a rapid change in the virtual environment. They also [2] bring out the fact that a single fatal event or a single system attacked with worm or malicious code can be replicated which can cause destruction to the virtual environment.

b) Transience: Here the Tal Garfinkel, Mendel Rosenblum [2] discuss about the fact that in a virtual environment large number of mobile machines comes and goes very frequently. They also compare the state of the network with virtualization with those with traditional machines. They [2] say that network with traditional machines were much more stable as it was easy to analyze the configuration of the existing network.

[2] In case of traditional network we can save the steady state point of a network but in case of virtual machine steady state is never be reached. The authors [2] say that when some of the machines in the network are affected by a worm or malicious code, in case of traditional network the machines in attack can be easily identified and the network can be reset to the saved steady state. But in case of virtual network this cannot be done, on top of that the machines affected are [2] replicated and the worm is easily spread across the network.

c) Software Lifecycle: Here the authors Tal Garfinkel, Mendel Rosenblum [2] introduces the concept of software lifecycle. They say that the lifecycle is a monotonous straight line for the traditional machines where the machine state starts with their creation and goes through various stages, configurations, patch updates and keeps travelling as a straight line. They [2] compare this straight line with that of virtual machine. According to the authors in a virtual environment at any point of time a single node can branch in to N number of nodes [2]. At any point of time these N node can do a rollback to their previous state making it difficult to plot a proper cycle.

They [2] say that such dynamic change in the network and software cycles have vulnerable security threats. In a virtual network when there is a rollback the old patches may be removed, the system may become vulnerable to old attacks and worms which were removed previously, it may also re-enable previously disabled password, keys, and user accounts [2].

d) Diversity: Here the authors Tal Garfinkel, Mendel Rosenblum [2] says that in a virtual environment it is difficult to enforce homogeneity in the network. Some of the VM will be running with new updated patches, but some will be still running with the older version of OS. If [2] one has to migrate their machine from one version to another, being a very diverse environment it would be difficult to migrate all the system from older version to newer version.

They also bring out the fact that if a diverse network is infected by some worm or malicious code it would be difficult to fix all the system at same time. And suppose if we fix existing system today, the next day [2] old infected systems may replicate and infect the network again.

e) Mobility: Here the authors Tal Garfinkel, Mendel Rosenblum [2] says it is easy to copy VMs and it can give rise to security threats. They talk about trusted computing base (TCB) and say that in a virtual network the TCB consists of list of all the hosts on which the VM is running [2].

The authors say if there is any problem in the history of the TCB then it is very difficult find out how far the compromise has been extended. This is the same in case of worm infection [2].

The authors bring in light another major issue of mobility. They say if a VM is moved from a home machine of unknown configuration to a secured environment it is a big risk [2, 16, 17].

f) Identity: Here the authors Tal Garfinkel, Mendel Rosenblum [2] compare the identity of traditional machines in the network with that of VM. For traditional machine network each physical machine is identified by its MAC address. By this way it is easy to identify a machine and to track the infected machine and the cause of infection. But in case of Virtual environment the MAC address is generated randomly [2].

The authors argue that it is difficult to identify a specific VM with their port numbers as it is difficult to find out who is running the VM at the host. Also there may be many VM running on a single host, on a single port so shutting down a port in case of infection will shut down all the VMs running on that port [2].

They also talk about one more disadvantage about assigning responsibilities [2]. Since it is very difficult to maintain the history of ownership of a VM, one cannot identify an owner to a VM. So assigning responsibility is difficult [2].

g) Data Lifetime: Here the authors Tal Garfinkel, Mendel Rosenblum [2, 18] refers to [18] and says that the principle of secured system to minimize the time of existence of sensitive data in the system. In case of VMM this is a very critical case. According to the authors in VMMs often when a data is deleted and there is a rollback, the deleted sensitive data reappears [2, 18]. This makes the data lifetime almost infinity in worst case scenario making the system very less secure [2]. This is the same with deleted passwords, user accounts, private keys etc. once there is a rollback all these data again appears in open. Now [2] due to mobility of VM these sensitive data can spread all across the network.

Above we saw various security issues which can bring down a well functioning virtual network. In any commercial sector security is a key issue. Let us see various products and tools which exist to mitigate such security threats on virtualization environment.

According to the authors Steven J. Vaughan-Nichols [1] “commercial virtualization” has recently started growing in a good pace. And Kusnetzky said that since it is new, not much security tools and approaches have come up.

Even [1] vendors are releasing security tools, which are specific to particular VMs. So if a physical machine or server has 2 or more types of VM running on it, then each one of them needs a different tool to secure them [1].

The author presents -2 [1] and talks about the Blue Lane virtual-shield which is used only by VMware to secure their virtualization systems. From the presented by the author it can be inferred that Blue Lane Virtual Shield forms a layer between the hypervisors and the virtual machines. [1] This layer can now be extended to ace all the security threats and vulnerabilities.

The author [1] also talks about another product, Reflex Security's VSA which provides intrusion detection and antispyware products with graphical interface for VMware ESX and Xen virtualization systems.

Approaches for Virtualization Security

According to authors Edward Ray, Eugene Schultz [7] it is essential to secure the environment before even deploying the VMs. They says that it is necessary to first analyze and decide the type of virtual environment an organization needs [7] and also the security policies for various VMs and virtual software must be decided.

The security standards and policies that were used with traditional physical machine networks will not be suitable with virtual machine in a virtual environment [7]. The authors feel that one should first focus on the physical security before one trying to secure the logic and virtual environment as if an attacker is successful in accessing or stealing a [7] physical drive from the network logical security will not prevent him from replicating or misusing it.

Once all the steps have been completed we can start protecting our VM-kernel, VM-OS by deciding on the products or tools to purchased [7].

Conclusion

Virtualization is becoming a hot technology and is being used by a number of organizations. Virtualization has proved to be cost effective for various commercial industries. Its features like efficient utilization of resource, robustness and encapsulation has made it popular among technologies. On the other hand virtualization has some disadvantages which can make the environment vulnerable to security attacks.

I feel that virtualization is definitely an evolution in the field of computers. We should definitely exploit the benefits of virtualization to the fullest. At the same time we also need to keep in minds the weakness to avoid threats. I infer that if we take precautionary measures before deploying the VMs we would more likely to avoid security risks.

If we analyze the virtual environment and frame suitable security policies before the VMs are deployed and choose proper tools suitable to mitigate attacks we can enjoy the essence of virtualization.

References

[1] Steven J. Vaughan-Nichols, “ Virtualization Sparks Security Concerns," IEEE Computer Society Press Los Alamitos, CA, USA , vol. 41, no. 8, pp. 13-15 , 2008.

[2] Tal Garfinkel, Mendel Rosenblum, "When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing Environments," Proceedings of the 10th conference on Hot Topics in Operating Systems, vol. 10, pp. 20 - 20, 2005

[3] Ivan Arce, " Ghost in the Virtual Machine," IEEE Educational Activities Department Piscataway, NJ, USA, vol. 5, no. 4, pp. 68-71, July-Aug. 2007.

[4] Michael Price , " The Paradox of Security in Virtual Environments," IEEE Computer Society Press Los Alamitos, CA, USA , vol. 41, no. 11, pp. 22-28, November 2008.

[5] Jörg Brakensiek, Axel Dröge, Martin Botteck, Hermann Härtig, Adam Lackorzynski, " Virtualization as an enabler for security in mobile devices," Proceedings of the 1st workshop on Isolation and integration in embedded systems, Glasgow, Scotland , pp. 17-22, 2008 .

[6] Paul A. Karger, " Securing virtual machine monitors: what is needed?," Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, no. 1, 2009.

[7] Edward Ray, Eugene Schultz, " Virtualization security," Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, no. 42, 2009.

[8] Peng Li, " Selecting and using virtualization solutions: our experiences with VMware and VirtualBox," Journal of Computing Sciences in Colleges, vol. 25, no. 3, pp. 11-17, January 2010.

[9] Chris Matthews, Yvonne Coady, " Virtualized Recomposition: Cloudy or Clear?," IEEE Computer Society, Proceedings of the 2009 ICSE Workshop on Software Engineering Challenges of Cloud Computing, pp. 38-43, 2009.

[10] Gernot Heiser, Volkmar Uhlig, Joshua LeVasseur, " Are Virtual Machine Monitors Microkernels Done Right?," ACM SIGOPS Operating Systems Review, vol. 40, no. 1, pp. 95 - 99 , January 2006.

[11] T. Garfinkel and M. Rosenblum, “A Virtual Machine Introspection-Based Architecture for Intrusion Detection,” Proc. Network and Distributed Systems Security Symp. (NDSS 03), the Internet Society, 2003, pp. 191-206.

[12] M. Vrable, J. Ma, J. Chen, D. Moore, E. Vandekieft, A. C. Snoeren, G. M.Voelker, and S. Savage, “Scalability, fidelity, and containment in the potemkin virtual honeyfarm,” in SOSP '05: Proceedings of the twentieth ACM symposium on Operating systems principles. New York, NY, USA: ACM, 2005, pp. 148-162.

[13] Dunlap, G. W.; King, S. T.; Cinar, S.; Basrai, M. A. & Chen, P. M. “ReVirt: enabling intrusion analysis through virtual-machine logging and replay” SIGOPS Oper. Syst. Rev., ACM, 2002, 36, 211-224

[14] T. C. Bressoud and F. B. Schneider, “Hypervisorbased fault tolerance,” in SOSP '95: Proceedings of the fifteenth ACM symposium on Operating systems principles. New York, NY, USA: ACM, 1995, pp.1-11.

[15] P.M. Chen and B.D. Noble, “When Virtual Is Better than Real,” Proc. 8th Workshop Hot Topics in Operating Systems (HotOS-VIII), IEEE CS Press, 2001, pp. 133-138.

[16] M. Kozuch and M. Satyanarayanan. Internet suspend/resume. In Forth IEEE Workshop on Mobile Computing Systems and Applications, pages 40-, 2002

[17] C. Sapuntzakis and M. S. Lam. Virtual appliances in the Collective: A road to hassle-free computing. In (HOTOS-XI), May 2003.

[18] T. Garfinkel, B. Pfaff, J. Chow, and M. Rosenblum. Data lifetime is a systems problem. In Proc. 11th ACM SIGOPS European Workshop, September 2004.

[19] R. Sailer et al., “Building a General-Purpose Secure Virtual Machine Monitor,” tech. report RC23537 (W0502-132), 25 Feb. 2005, IBM Research.

[20] P. Barham et al., “Xen and the Art of Virtualization,” Proc. 19th ACM Symp. Operating Systems Principles (SOSP 03), ACM Press, 2003, pp. 164-177.

[21] S.T. King et al., “SubVirt: Implementing Malware with Virtual Machines,” Proc. 2006 IEEE Symp. Security and Privacy (SP 6), IEEE CS Press, 2006, pp. 314-327.

Please be aware that the free essay that you were just reading was not written by us. This essay, and all of the others available to view on the website, were provided to us by students in exchange for services that we offer. This relationship helps our students to get an even better deal while also contributing to the biggest free essay resource in the UK!