Virtualization & Cloud Security: Part-2

TCG Based Approach for Secure Management of Virtualized Platforms: State-of-the-art (June 05, 2010)

2010

There is a strong trend shift in favor of adopting virtualization to get business benefits. The provisioning of virtualized enterprise resources is one kind of many possible scenarios. Where virtualization promises clear advantages, it also poses new security challenges which need to be addressed to gain stakeholders' confidence in the dynamics of the new environment. One important facet of these challenges is establishing 'Trust', which is a basic primitive for any viable business model. The Trusted Computing Group (TCG) offers technologies and mechanisms required to establish this trust in the target platforms. Moreover, TCG technologies enable the protection of sensitive data at rest and in transit. This report explores the applicability of relevant TCG concepts to virtualize enterprise resources securely for provisioning, establish trust in the target platforms and securely manage these virtualized Trusted Platforms.

Identifying and Analyzing Security Threats to Virtualized Cloud Computing Infrastructure

A multi-tenant Cloud Computing Infrastructure (CCI) consists of several Virtual Machines (VMs) running on the same physical platform by using virtualization techniques. The VMs are monitored and managed by kernel-based software, i.e. the Virtual Machine Monitor (VMM) or hypervisor, which is the main component of a Virtualized Cloud Computing Infrastructure (VCCI). Due to software-based vulnerabilities, VMMs are exposed to security attacks that may be carried out by inside or outside attackers. In order to formulate a secure VCCI, the VMM must be protected by implementing strong security tools and techniques such as Encryption and Key Management (EKM), Access Control Mechanisms (ACMs), Intrusion Detection Tools (IDTs), Virtual Trusted Platform Module (vTPM), Virtual Firewalls (VFs) and Trusted Virtual Domains (TVDs). In this research paper we describe the techniques of virtualizing a CCI, types of attacks on a VCCI, vulnerabilities of VMMs, and we critically describe the significance of security tools and techniques for securing a VCCI.

FOR FORMULATING A SECURE VCCI

The security tools and techniques discussed in the previous section have been implemented by various researchers to design and develop a secure VCCI. This section describes some of the valuable contributions by the researchers. [21] designed the Trusted Virtual Datacenter (TVDc). The aim of TVDc is to provide a safety net that reduces the risk of security issues that take place by misusing the VMs with the help of malicious software. [22] proposed a trusted VMM with the use of encryption methods. This technique is referred to as CloudVisor.

Security in Cloud Virtualization Layer

2020

Branch Prediction Analysis (BPA) attack is one of the most significant Side-Channel Attacks (SCA), which causes severe issues on a machine hosting multiple services by exploiting shared resources. The current state-of-the-art cloud technology provides a level of isolation by hosting processes on different VMs (Virtual Machines). Still, the scope of exploitation does not get eliminated even in the virtualization environment. The severity of the BPA attack and its normal-looking behaviour, which complicates detection, make its study very interesting and challenging. With the main research focus on security issues in the virtual environment, handling of the Cross-VM BPA attack is the core of the present research work. The applicability of four BPA attack launching methods has been assessed on different types of VM configurations. Simulation of two important types of BPA attacks, DTA (Direct Timing Attack) and TDA (Trace-Driven Attack), was also done on the most common VM configuration. With an in-depth study of attack launching methods and their behavior analysis, a four-eyed model, Chaturdrashta, is proposed. Chaturdrashta is comprised of two solutions: Trilochan to detect the Cross-VM Direct Timing Attack (DTA) and Trinetra to detect the Cross-VM Trace-Driven Attack (TDA). The solutions can successfully detect the attack by the time just a few bits are predicted. The processing overhead of the proposed approach is hardly 1%. Additionally, Trilochan and Trinetra in their original form were also found capable of detecting the presence of the BPA attack launched with the Asynchronous and Synchronous BTB Eviction methods. A testbed comprising various types of genuine processes was simulated to check the efficiency of the solutions. With high accuracy in attack detection, the solutions do not have any false positives. The proposed solutions neither depend on any cryptographic algorithm nor manipulate any architectural components.

Chaturdrashta is a host-based solution, where one of the components is embedded in the kernel. The other three components are implemented as Linux services. Such an implementation requires a system reboot to bring their manipulations into effect. In turn, it reduces the scope of Chaturdrashta getting exploited.

1. State of the Art

Cloud technology has become a de facto standard for service provisioning due to its resource optimization capabilities. Its feature of providing virtual machines (VMs) to different users for different purposes is being used very commonly by cloud administrators. This multi-tenant environment of cloud technology opens up a new dimension of security threats due to its intrinsic characteristics. Most users and administrators consider virtual machines as independent machines. Configuring a foolproof isolated virtual machine is not possible directly in the available tools and technology. Very few tools have tried to provide this facility, but at the cost of resource optimization and compromising useful features like load balancing and fault tolerance. Furthermore, it requires high-level expertise and in-depth knowledge to implement such a configuration. The common out-of-the-box, standard and adopted configuration model does provide isolation of memory, disk space, OS, applications, etc., but shares CPU cores across virtual machines. Thus, hardware resources like Cache Memory, Memory Bus, Network Queue, and Branch Prediction Unit (BPU) are also shared among co-hosted VMs. The sharing of resources opens the scope for Side-Channel Attacks, which are very common in machines used to host multiple services. We have studied one of the SCAs, called the Branch Prediction Analysis attack, for our research work on "Security in Cloud Virtualization Layer". The study revealed the necessity of working out solutions to address BPA attacks in the virtual environment.

Protection of Virtual Machine Deployment at a Cloud Service Provider Through TPM

International Journal of Current Research

A Cloud Service Provider (CSP) provides virtualized computing resources through the internet. A client may ask for an IaaS service. However, the customer has no means of verifying that its VM runs in a secure environment. To address this problem we propose a design of a Trusted VM Deployment (TVMD) model: the customer can deploy its VMi into a set of trusted Nodes (N) on the IaaS perimeter and enhance backend attacks, leveraging trust in a neutral third party: an Extern Node (N) runs in a set of trusted nodes in the IaaS perimeter secured by the ETC through a Trusted Platform Module (TPM).

Security Aspects of Virtualization in Cloud Computing

Lecture Notes in Computer Science, 2013

In Cloud computing, virtualization is the basis of delivering Infrastructure as a Service (IaaS) that separates data, network, applications and machines from hardware constraints. Although Cloud computing has been a focused area of research in the last decade, research on Cloud virtualization security has not been extensive. In this paper, different aspects of Cloud virtualization security have been explored. Specifically, we have identified: i) security requirements for virtualization in Cloud computing which can be used as a step towards securing virtual infrastructure of Cloud, ii) attacks that can be launched on Cloud virtual infrastructure, and iii) security solutions to secure the virtualization environment by overcoming the possible threats and attacks.

Virtualization and Security Aspects: An Overview

2020

Virtualization allows a single system to concurrently run multiple isolated virtual machines, operating systems (OSes) or multiple instances of a single OS. It helps organizations to improve operational efficiency, reduce costs, improve the use of hardware, and allocate resources on-demand. Nevertheless, like most technologies, it has vulnerabilities and threats. Research about security issues related to virtualization has been conducted for several years. However, there are still open challenges related to security in virtualization. This paper looks into some of the differences, issues, challenges, and risks caused by virtualization and aims to classify the various virtualization approaches, along with their goals, advantages and drawbacks from a security perspective. Such classification is expected to help in the identification of virtualization technologies that might be applied in a virtualized infrastructure. This work is intended to be an introduction to the security consid...

IJERT-Design and Implementation of Techniques for Secure Virtualization in Cloud Environment

International Journal of Engineering Research and Technology (IJERT), 2014

https://www.ijert.org/design-and-implementation-of-techniques-for-secure-virtualization-in-cloud-environment

https://www.ijert.org/research/design-and-implementation-of-techniques-for-secure-virtualization-in-cloud-environment-IJERTV3IS070778.pdf

Virtualization is an important feature of cloud computing. With virtualization, the efficiency of computing services can be increased. We can create a virtual environment on any machine with any operating system. The virtual environment is vulnerable to many different security attacks. In this paper we are focusing on the cross-VM side-channel attack, which is a type of virtual machine attack. In our system we have developed a security program called the monitoring program. This monitoring program continuously monitors the virtual environment and reports the malicious activities done by any virtual machine. Thus, using this monitoring program we can monitor the activities of all the virtual machines on our system and we can easily detect the malicious activities done by any virtual machine. Then, depending on the reports given by the monitoring program, the service provider can take action against the malicious virtual machine.

New Security Perspective for Virtualized Platforms

2013

Recently, an important transition in IT infrastructure and delivery services has occurred; based on virtualization technology, cloud computing has become the key to any successful information technology solution. Unfortunately, this success brings fundamental changes to the classic network security concepts and implementation, since in a virtualized environment components are no longer considered as separate systems, but resources, data and applications are seen as services with no visible security perimeter. From this perspective, a new adapted security approach to protect such an environment is needed; each physical security solution, like firewalls, intrusion prevention systems and network access control, will have a corresponding one that fits in the virtual platform, with automation capabilities to monitor and assess network traffic and stop threats accurately. The perspective of this paper is to propose a deep study of the virtualized platform, especially the hypervisor and the inter-vi...