2. background
Current operating systems provide the process abstraction to
achieve resource sharing and isolation. From a security
perspective, however, an attacker who has compromised one
process can usually gain control of the entire machine. This
makes security systems running on the same computer, such as
anti-virus programs or intrusion detection systems, also
vulnerable to attack. In response to the imperfect isolation
between processes in modern operating systems, security
researchers have begun to use virtual machine technology
when designing security systems
3. By the end of this presentation you
should be able to:
1. Define a virtual machine and explain its architecture
2. Outline the types of the virtual machine environment
3. Explain virtual machine security mechanism
4. Evaluate the benefits and risks of using a VM
4. Def
A virtual machine(VM) is a logical process (most often an
operating system) that interfaces with emulated hardware
and is managed by an underlying control program.
6. cont
Most modern virtual machine systems use the virtual
machine monitor (VMM) model for managing and controlling
individual virtual machines. The VMM is a thin software layer
that runs directly on a physical machine’s hardware
7. con
On top of the virtual machine monitor, there can be one or
more virtual machines
The VMM provides each virtual machine with a set of virtual
interfaces that resemble direct interfaces to the underlying
hardware. Applications on a virtual machine can run without
modification as if they were on running on a dedicated
physical machine
8. con
The VMM allows multiple virtual machines to be running at
the same time and transparently multiplexes resources
between them
9. con
The VMM also isolates the virtual machines from one
another, preventing them from accessing each other’s memory
or disk space. The operating system that runs inside of a
virtual machine is traditionally referred to as the guest OS, and
applications running on the guest OS are referred to as guest
applications.
13. Type 1 and Type 2 VM
Type 1 architecture
A Type I VMM runs directly
on the physical hardware. It
does not have an operating
system running below it; the
Type I VMM is fully
responsible for scheduling
and allocating of the
system’s resources
between virtual machines
Type 2 architecture
A Type II VMM runs as an application in
a normal operating system. This
operating system controls the real
hardware resources, and is typically
referred to as the ”Host OS.” The host
OS has no knowledge of the Type II
VMM, which is treated like any other
process in the system. The operating
system that runs inside of the Type II
VMM is referred to as the ”Guest OS.”
Examples of Type-II VMM include
VMWare GSX (workstation) [SVL01],
UML (User-Mode Linux) [Dik00], and
FAUmachine [HWS04].
14. Con
Type 1
con
Type 2
Type II VMM is running
inside of a standard
operating system, any
security vulnerabilities that
lead to the compromise of
the host OS will also give
full control of the guest OS.
15. Virtual Environment Security
Mechanisms
The security of VM-based services rests on the assumption
that the underlying trusted computing base (TCB) is also
secure. If the TCB is compromised, then all bets are for the
VM-based
16. Security of Virtual Machines
In a Type I virtual machine, the trusted computing base is the
virtual machine monitor. Some services also need to include
the dedicated secure VM as part of TCB. The TCB is
considered to be secure because “It is so simple that its
implementation can be reasonably expected to be correct”
Virtual machine monitors are only responsible for virtualizing
the physical machine’s hardware and partitioning it into
logically separate virtual machines
17. con
Compared to a full operating system, which may have
several million lines of code, VMMs have around 30,000 lines
of code. Also, the secure VM typically has a reduced mini-OS
without any unneeded services or components.
In addition to having a small code base, the interfaces to
VMM and the dedicated security VM are much simpler, more
constrained, and better specified than a standard operating
system. This helps reduce the risk of security vulnerabilities.
18. con
a) Mandatory access control:
MAC component runs in a separate VM and administrator
can modify the security policy
19. con
b) Para-virtualization:.
the interface executed by the guest OS consist of three
components: “memory management, CPU, and device I/O”
and the guest OS is responsible for managing these
resources.
20. con
c) Policy considerations
it is better to have proper guidelines and security policies
which can be implemented dynamically in accordance with
the change in the virtual environment.
21. d) Virtual Layer Vulnerabilities: Here the author Michael Price
[4] discusses about the layered architecture of a virtual
environment and how it play a major role in security issues.
The fact that lower level layers can have control over the
upper level layers if there is any malicious code or worm
infected in the upper layer of the VM environment then those
can be easily removed from the lower layers. But it becomes
difficult to remove the malicious code if it infects the lower
layer of the VM environment.
23. a) Resource Utilization: VMM are going to be used by many
users at same time. Therefore resource utilization
mechanism should be strong.
24. con
virtual box is a better solution when the students need to run
multiple virtual machines concurrently on their personal
computers in a decentralized fashion.
25. con
b) Security: An important feature of virtualization is isolation.
That is software running in one VM will not interact with
another VM running is the same machine This gives a lot of
security benefits.
26. con
c) Robustness: Virtualization makes the system more robust
.They become more fault tolerant. If there is any problem one
VM the other VM is not at all affected. More than that if an
attacker gains access to one VM then he should not be able
to access the other VMs associated with the machine. Also
Hardware failures can be tolerated using this mechanism of
isolation
27. con
d) Decomposition: Here once again the isolation mechanism
plays an important role. Isolation can be used to decompose
a system. An example, Each server may be running in
different VMs on same physical machine. Decomposition has
been an important step in the virtualization.
28. con
E) Encapsulation: According to author Michael Price
[4], security aspects is improved when we use the concept of
encapsulation. He also believes that fact that the services
running in virtual machines are easy to encapsulate and
replicate. So the author says if we can build a risk free robust
application or service it can be replicated and distributed. In
that way even if there is any bug or attack on one application
the other applications can still run.
29. f) Intrusion protection: Here the author Michael Price [4]
brings the concept of clones. He talks about Signature based
intrusion detection. Here the state of a system is determined
by monitoring the system activity. Here he suggests that
instead of looking for the patterns on the original machines,
clones can be created and the events can be monitored [4].
Clones can be run in standby mode and then can be
synchronized with the real machine and then the pattern of
the clone activity can be monitored [4, 15].In this manner one
need not compromise the real system
31. con
a) Scaling: it is easy to replicate a VM or creating a copy is
very easy..
a single fatal event or a single system attacked with worm or
malicious code can be replicated which can cause
destruction to the virtual environment.
32. con
b) Transience: in a virtual environment large number of
mobile machines comes and goes very frequently. Network
with traditional machines were much more stable as it was
easy to analyze the configuration of the existing network.
33. con
d) Diversity: in a virtual environment it is difficult to enforce
homogeneity in the network. Some of the VM will be running
with new updated patches, but some will be still running with
the older version of OS.
If one has to migrate their machine from one version to
another, being a very diverse environment it would be difficult
to migrate all the system from older version to newer version
34. con
e) Mobility: it is easy to copy VMs and it can give rise to
security threats.