New Security Perspective for Virtualized Platforms
Related papers
VIRTUALIZATION SECURITY MANAGEMENT
Cloud computing is turning out to be the key component in the future of the internet, and virtualization is the term that refers to the abstraction of resources, mainly computer resources. Resource utilization can be improved with the help of virtualization. It provides integration of the user's platform, aggregation of heterogeneous resources, and autonomous behaviour of the resources. In this paper, a review of virtualization, its security and its performance is presented.
Security and Virtualization: a Survey
2011
In this report, we investigate the security aspects and challenges of computer virtualization. In a few words, virtualization is what allows the execution of multiple operating systems on a single machine at the same time. A virtualization component can be viewed as a layer or a container performing some kind of emulation, allowing programs or operating systems to execute on the virtualized layer, for example executing Microsoft Windows and Linux on one single machine at the same time. On one hand, as virtualization can provide a kind of isolation between users/applications/operating systems, it can address some security containment problems. On the other hand, there exist today many security flaws and attacks focused on such systems, as the virtualization layer controls and monitors all virtualized applications/operating systems. The outline of this report is the following. We first review precisely all the various forms the virtualization layer and related components can take. ...
Virtualization and Security Aspects: An Overview
2020
Virtualization allows a single system to concurrently run multiple isolated virtual machines, operating systems (OSes) or multiple instances of a single OS. It helps organizations to improve operational efficiency, reduce costs, improve the use of hardware, and allocate resources on-demand. Nevertheless, like most technologies, it has vulnerabilities and threats. Research on security issues related to virtualization has been conducted for several years. However, there are still open challenges related to security in virtualization. This paper looks into some of the differences, issues, challenges, and risks caused by virtualization and aims to classify the various virtualization approaches, along with their goals, advantages and drawbacks from a security perspective. Such a classification is expected to help in the identification of virtualization technologies that might be applied in a virtualized infrastructure. This work is intended to be an introduction to the security consid...
A Secure Hypervisor-based Technology to Create a Secure Cloud Environment
As one of the most exciting technologies to have matured in the world today, Cloud Computing has emerged as the one that has garnered the most appeal for being flexible and scalable. It has been known to reduce both the complexity and the cost of applications. What was once a dream has now manifested itself as a reality embraced by leaders not only in industry but in research institutions and various organizations in a multitude of spheres. Cloud computing is based on virtualization, a technology which in itself is not quite new. However, the security issues which followed virtualization now pose an equal challenge in the case of cloud computing. Further, virtualization can offer only limited security capabilities. This, therefore, poses a significant hurdle which needs to be surmounted in order to secure a wide-area environment such as the cloud. The development of a resilient and sturdy security system demands that changes be made to the traditional virtualization architecture. This paper proposes a new security architecture for hypervisor-based virtualization with the sole objective of offering security against malicious attacks.
Security Architecture for Virtual Machines
We propose a security architecture based on the virtual machine monitor to efficiently deal with attacks on virtual machines. We show that our model is capable of detecting suspicious processes running in the virtual machine, and can detect and prevent different types of attacks, including zero-day attacks, by monitoring the virtual machine traffic and the processes that are generating or receiving the traffic. The architecture also makes use of sharing information about suspicious behaviour among multiple intrusion detection systems deployed in different virtual machine monitors. We describe the implementation of the proposed architecture and present a detailed analysis of how our architecture can be used to detect zero-day attacks.
A New Virtualization-Based Security Architecture in a Cloud Computing Environment
2013
Cloud computing has finally emerged on the stage of information technology. Virtualization is the core of cloud computing. Virtualization minimizes capital, operational and maintenance costs. Also, it provides flexibility in the platform used. However, the expansion of cloud computing is impeded by unresolved security issues. Physical resources are exposed to security threats and malware attacks. Therefore, the system is subject to data loss, denial of service, performance degradation, and even hardware damage. This paper proposes a new security architecture based on two frameworks described in the literature. The paper therefore explores both frameworks, analyzes them, criticizes them, and then highlights their advantages and disadvantages. Finally, the paper describes the proposed architecture.
On the effectiveness of virtualization-based security
2012
Protecting commodity operating systems and applications against malware and targeted attacks has proven to be difficult. In recent years, virtualization has received attention from security researchers who utilize it to harden existing systems and provide strong security guarantees. This has led to interesting use cases such as cloud computing, where possibly sensitive data is processed on remote, third-party systems.
Integrated Security Architecture for Virtual Machines
Currently, virtualisation technology is being deployed widely and there is an increasing interest in virtualisation-based security techniques. There is a need for securing the life cycle of virtual machine based systems. In this paper, we propose an integrated security architecture that combines access control, intrusion detection and trust management. We demonstrate how this integrated security architecture can be used to secure the life cycle of virtual machines, including dynamic hosting and allocation of resources as well as migration of virtual machines across different physical servers. We discuss the implementation aspects of the proposed architecture and show how the architecture can counteract attack scenarios involving malicious users exploiting vulnerabilities to achieve privilege escalation and then using the compromised machines to generate further attacks.
Security in Cloud Virtualization Layer
2020
The Branch Prediction Analysis (BPA) attack is one of the most significant Side-Channel Attacks (SCA); it causes severe issues on a machine hosting multiple services by exploiting shared resources. Current state-of-the-art cloud technology provides a level of isolation by hosting processes on different VMs (Virtual Machines). Still, the scope for exploitation is not eliminated even in a virtualized environment. The severity of the BPA attack and its normal-looking behaviour, which complicates detection, make its study very interesting and challenging. With the main research focus on security issues in the virtual environment, handling of the Cross-VM BPA attack is the core of the present research work. The applicability of four BPA attack launching methods has been assessed on different types of VM configurations. Simulation of two important types of BPA attacks, DTA (Direct Timing Attack) and TDA (Trace-Driven Attack), was also done on the most common VM configuration. With an in-depth study of attack launching methods and their behaviour analysis, a four-eyed model, Chaturdrashta, is proposed. Chaturdrashta is comprised of two solutions: Trilochan, to detect the Cross-VM Direct Timing Attack (DTA), and Trinetra, to detect the Cross-VM Trace-Driven Attack (TDA). The solutions can successfully detect the attack by the time just a few bits have been predicted. The processing overhead of the proposed approach is hardly 1%. Additionally, Trilochan and Trinetra in their original form were also found capable of detecting the presence of the BPA attack launched with the Asynchronous and Synchronous BTB Eviction methods. A testbed comprising various types of genuine processes was simulated to check the efficiency of the solutions. With high accuracy in attack detection, the solutions do not have any false positives. The proposed solutions neither depend on any cryptographic algorithm nor manipulate any architectural components.
Chaturdrashta is a host-based solution, where one of the components is embedded in the kernel. The other three components are implemented as Linux services. Such an implementation requires a system reboot to bring their manipulations into effect. In turn, this reduces the scope for Chaturdrashta itself to be exploited.
1. State of the Art
Cloud technology has become a de facto standard for service provisioning due to its resource optimization capabilities. Its feature of providing virtual machines (VMs) to different users for different purposes is used very commonly by cloud administrators. This multi-tenant environment of cloud technology opens up a new dimension of security threats due to its intrinsic characteristics. Most users and administrators consider virtual machines as independent machines. Configuring a foolproof isolated virtual machine is not directly possible with the available tools and technology. Very few tools have tried to provide this facility, and only at the cost of resource optimization and by compromising useful features like load balancing and fault tolerance. Furthermore, it requires high-level expertise and in-depth knowledge to implement such a configuration. The common out-of-the-box, standard and widely adopted configuration model does provide isolation of memory, disk space, OS, applications, etc., but shares CPU cores across virtual machines. Thus, hardware resources like cache memory, the memory bus, network queues, and the Branch Prediction Unit (BPU) are also shared among co-hosted VMs. This sharing of resources opens the scope for Side-Channel Attacks, which are very common on machines used to host multiple services. We have studied one of the SCAs, the Branch Prediction Analysis attack, for our research work on "Security in Cloud Virtualization Layer". The study revealed the necessity of working out solutions to address BPA attacks in the virtual environment.
Security in Network Virtualization: A Survey
J. Inf. Process. Syst., 2021
Network virtualization technologies have played efficient roles in deploying cloud, Internet of Things (IoT), big data, and 5G networks. We have conducted a survey on network virtualization technologies, such as software-defined networking (SDN), network functions virtualization (NFV), and network virtualization overlay (NVO). For each of these technologies, we have explained the comprehensive architectures, applied technologies, and the advantages and disadvantages. Furthermore, this paper provides a summarized view of the latest research works on the challenges and solutions of security issues, mainly focused on DDoS attacks and encryption.