Virtual Machine approach to Security
Gautam Prasad and Sudeep Pradhan
10/05/2010
CS 239
UCLA
Virtual Machine and Virtual Infrastructure
• A virtual machine is a tightly isolated software container that can run its own operating system and applications as if it were a physical computer.
• A virtual infrastructure lets you share the physical resources of multiple machines across your entire infrastructure.
• In a virtual infrastructure, many virtual machines interact with each other, are created and destroyed dynamically, and move from one physical host to another seamlessly.
• The physical system that provides virtualization is called the host.
• A virtual machine together with its operating system is called the guest.
Properties of Virtual Infrastructure
• Decouples the software environment from its underlying hardware infrastructure, so one can aggregate multiple servers, storage infrastructure and networks into shared pools of resources. (Scaling, Mobility)
• Virtual machines can be deployed on an ad hoc basis and destroyed when their purpose is served. (Transience, Diversity)
• Virtual machines can be provisioned from a template, so hundreds of VMs can be spawned in a short time. (Scaling, Diversity, Lifecycle)
• The state of a virtual machine (or a group of virtual machines) can be checkpointed and reverted whenever necessary. (Software Lifecycle, Data Lifetime)
• Resources in a virtual infrastructure can be scheduled dynamically for maintenance of part of the infrastructure. (Mobility)

• These properties of a virtual infrastructure make it difficult to apply traditional computer security methods.
Risks mentioned in Gartner Report on Virtualization Security
• Information security isn't initially involved in the virtualization projects
• A compromise of the virtualization layer could result in the compromise of all hosted workloads
• The lack of visibility and controls on internal virtual networks created for VM-to-VM communications blinds existing security policy enforcement mechanisms
• Workloads of different trust levels are consolidated onto a single physical server without sufficient separation
• Adequate controls on administrative access to the hypervisor/VMM layer and to administrative tools are lacking
• There is a potential loss of separation of duties for network and security controls
New approach to security
• Dedicated infrastructure for enforcing security policies, provided by a ubiquitous virtualization layer
• Ubiquity gives administrators more control over features like mobility and data lifetime.
• Moving security and management functions from the guest to the host (virtualization layer) has several benefits, such as:
   – Delegating management
   – Guest OS independence
   – Life cycle independence
   – Securely supporting diversity
Sandbox
• A virtual machine can be used to create a sandbox, a restricted environment with limited resources on the host machine.
• Untrusted code can be run in this environment to protect the host machine.
• This is the original security model provided by the Java platform.
Data Security
• Virtualization of systems allows them to have a consistent patch level and configuration.
• It can isolate different workloads on the host machine.
• This is an important aspect of security for virtualisation-enabled cloud computing.
Intrusion Detection
• Intrusion Detection Systems (IDS) are vulnerable to attack when they reside on the host machine.
• A network-based IDS has less information about what is happening on the host.
• A virtual machine monitor (VMM) can mediate both hardware and software interactions on the host machine and feed that information to a network-based IDS.
• The operations of the virtual machine on the host can be logged for later analysis without relying on the integrity of the guest operating system.
Problems
• Logging using virtual machine monitors can make sensitive data persist on a virtual machine.
• Once a virtual machine is infected it has full access to the host machine, as opposed to infecting only the host machine's OS.
• Establishing the identity of a virtual machine can be difficult because of VM mobility between systems and dynamic creation of machines.
• Because of the ease of creating more VMs, it can be difficult to manage them and keep them secure.
• VMs are transient, so a machine can briefly appear, infect others and then disappear.
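The Intrusion Detection slide proposes logging VM operations at the VMM, and the Problems slide lists VM identity across migration and transient VMs as the difficulties. The following added example (not part of the slides) shows the kind of analysis such a VMM-level log makes possible: it tracks each VM by a UUID so identity survives migration, and flags short-lived VMs that sent traffic to other VMs before being destroyed. The log format, field names and all sample events are constructed for this illustration and do not correspond to any real hypervisor.

```python
from collections import defaultdict

# Constructed sample of a hypothetical VMM audit log (not a real hypervisor format).
# Each line: <timestamp> <host> <event> key=value...  VMs are identified by a UUID
# so the same machine can be followed across hosts; host or IP alone could not do this.
SAMPLE_LOG = """\
0 host1 create vm=aaa1
5 host1 create vm=bbb2
10 host1 net src=aaa1 dst=bbb2 bytes=4096
20 host1 migrate vm=aaa1 to=host2
30 host2 net src=aaa1 dst=bbb2 bytes=1024
40 host1 create vm=ccc3
45 host1 net src=ccc3 dst=bbb2 bytes=65536
50 host1 destroy vm=ccc3
3000 host2 destroy vm=aaa1
"""

def parse(log):
    """Parse log lines into (timestamp, host, event, fields) tuples."""
    events = []
    for line in log.splitlines():
        ts, host, kind, *kv = line.split()
        fields = dict(p.split("=", 1) for p in kv)
        events.append((int(ts), host, kind, fields))
    return events

def vm_lifecycles(events):
    """Build a per-UUID record: creation/destruction time, hosts seen, VM-to-VM peers."""
    vms = defaultdict(lambda: {"created": None, "destroyed": None,
                               "hosts": set(), "peers": set()})
    for ts, host, kind, f in events:
        if kind == "create":
            vms[f["vm"]]["created"] = ts
            vms[f["vm"]]["hosts"].add(host)
        elif kind == "migrate":          # identity follows the UUID, not the host
            vms[f["vm"]]["hosts"].add(f["to"])
        elif kind == "destroy":
            vms[f["vm"]]["destroyed"] = ts
        elif kind == "net":              # VM-to-VM traffic seen by the VMM
            vms[f["src"]]["peers"].add(f["dst"])
    return vms

def transient_talkers(events, max_lifetime=60):
    """Return {uuid: [peers]} for VMs destroyed within max_lifetime seconds of creation
    that sent traffic to at least one other VM while they existed."""
    flagged = {}
    for uuid, info in vm_lifecycles(events).items():
        if info["created"] is None or info["destroyed"] is None:
            continue  # still running or created before the log window
        if info["destroyed"] - info["created"] <= max_lifetime and info["peers"]:
            flagged[uuid] = sorted(info["peers"])
    return flagged
```

Running `transient_talkers(parse(SAMPLE_LOG))` flags only `ccc3`, which existed for ten seconds and contacted `bbb2`; `aaa1` also migrated and talked to `bbb2` but lived far longer, so it is reported with both hosts in its lifecycle record rather than flagged.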
