Advertisement

Virtual Machine Isolation

A Survey on the Security of Virtual Machines
  • R. Jithin
  • Priya Chandran
Part of the Communications in Computer and Information Science book series (CCIS, volume 420)

Abstract

The popularity and widespread adoption of cloud computing has resulted in extensified and intensive use of virtualization technology. Virtualization technology allows the sharing of the same physical resources among several users. This enables the consolidation of servers and a multitude of user machines into a very small set of physical servers, by replacing the physical machines with virtual machines, running on the same physical servers. Consequently, several users work on and store their data in the same physical platform. A software layer is used to enable the sharing of hardware between the different users. Understandably, this leads to apprehensions about the security of their data and working environment for the users, as these are situated only one software layer apart from those belonging to the other users. Centralized storage and centralized computing thus naturally raise the question of security of user’s data, and motivate studies on how data security could possibly be compromised. This article surveys the security concerns in virtualization technology. It includes a study of different attacks in the context of virtualization, and logically organizes them in different categories. Where available, the patches to the attacks are also included in the survey. A special focus of the survey is on hardware limitations to support virtualization, and the conclusion drawn is that hardware limitations of different types are the root cause of most of the security issues.

Keywords

Virtualization technology Virtual Machines Virtualization Security 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Smith, J.E., Nair, R.: Virtual Machines: Versatile Platform for Systems and Processes. Morgan Kaufmann (2006)Google Scholar
  2. 2.
    Clark, C., Fraser, K., Hand, S., Hansen, J.G., Jul, E., Limpach, C., Pratt, I., Warfield, A.: Live migration of virtual machines. In: Proceedings of the 2nd Conference on Symposium on Networked Systems Design & Implementation, vol. 2, pp. 273–286. USENIX Association (2005)Google Scholar
  3. 3.
    Xiao, J., Xu, Z., Huang, H., Wang, H.: A covert channel construction in a virtualized environment. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 1040–1042. ACM, New York (2012), http://doi.acm.org/10.1145/2382196.2382318 CrossRefGoogle Scholar
  4. 4.
    Wu, J.Z., Ding, L., Wang, Y., Han, W.: Identification and evaluation of sharing memory covert timing channel in xen virtual machines. In: 2011 IEEE International Conference on Cloud Computing (CLOUD), pp. 283–291. IEEE (2011)Google Scholar
  5. 5.
    Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-vm side channels and their use to extract private keys. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 305–316. ACM, New York (2012), http://doi.acm.org/10.1145/2382196.2382230 CrossRefGoogle Scholar
  6. 6.
    Li, Y., Shen, Q., Zhang, C., Sun, P., Chen, Y., Qing, S.: A covert channel using core alternation. In: 2012 26th International Conference on Advanced Information Networking and Applications Workshops (WAINA), pp. 324–328. IEEE (2012)Google Scholar
  7. 7.
    Li, H., Zhu, J., Zhou, T., Wang, Q.: A new mechanism for preventing hvm-aware malware. In: 2011 IEEE 3rd International Conference on Communication Software and Networks (ICCSN), pp. 163–167. IEEE (2011)Google Scholar
  8. 8.
    King, S.T., Chen, P.M.: Subvirt: Implementing malware with virtual machines. In: 2006 IEEE Symposium on Security and Privacy, p. 14. IEEE (2006)Google Scholar
  9. 9.
    Oberheide, J., Cooke, E., Jahanian, F.: Empirical exploitation of live virtual machine migration. In: Proc. of BlackHat DC convention (2008)Google Scholar
  10. 10.
    Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. ACM SIGOPS Operating Systems Review 37(5), 164–177 (2003)CrossRefGoogle Scholar
  11. 11.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)CrossRefzbMATHMathSciNetGoogle Scholar
  12. 12.
    Xu, Y., Bailey, M., Jahanian, F., Joshi, K., Hiltunen, M., Schlichting, R.: An exploration of l2 cache covert channels in virtualized environments. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW 2011, pp. 29–40. ACM, New York (2011), http://doi.acm.org/10.1145/2046660.2046670 Google Scholar
  13. 13.
    Okamura, K., Oyama, Y.: Load-based covert channels between xen virtual machines. In: Proceedings of the 2010 ACM Symposium on Applied Computing, SAC 2010, pp. 173–180. ACM, New York (2010), http://doi.acm.org/10.1145/1774088.1774125 Google Scholar
  14. 14.
    Gong, X., Kiyavash, N., Venkitasubramaniam, P.: Information theoretic analysis of side channel information leakage in fcfs schedulers. In: 2011 IEEE International Symposium on Information Theory Proceedings (ISIT), pp. 1255–1259. IEEE (2011)Google Scholar
  15. 15.
    Jaskolka, J., Khedri, R.: Exploring covert channels. In: 2011 44th Hawaii International Conference on System Sciences (HICSS), pp. 1–10. IEEE (2011)Google Scholar
  16. 16.
    Kaleeswaran, S.: Managing covert information leaks in xen virtual machine systems. Master’s thesis. NIT Calicut (May 2010)Google Scholar
  17. 17.
  18. 18.
    Myers, M., Youndt, S.: An introduction to hardware-assisted virtual machine (hvm) rootkits. White Paper of Crucial Security (2007)Google Scholar
  19. 19.
    Carbone, M., Lee, W., Zamboni, D.: Taming virtualization. IEEE Security & Privacy 6(1), 65–67 (2008)CrossRefGoogle Scholar
  20. 20.
    Abramson, D., Jackson, J., Muthrasanallur, S., Neiger, G., Regnier, G., Sankaran, R., Schoinas, I., Uhlig, R., Vembu, B., Wiegert, J.: Intel virtualization technology for directed i/o. Intel Technology Journal 10, 178–192 (2006)CrossRefGoogle Scholar
  21. 21.
    Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: malware analysis via hardware virtualization extensions. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 51–62. ACM (2008)Google Scholar
  22. 22.
    Hardware-assisted virtualization technology, Intel, Web Article (2012), http://www.intel.in/content/www/in/en/virtualization/virtualization-technology/hardware-assist-virtualization-embedded-technology.html (retrieved December 10, 2012)
  23. 23.
    König, A., Steinmetz, R.: Detecting migration of virtual machines. In: Proceedings of the 10th Würzburg Workshop on IP: Joint ITG, ITC, and Euro-NF Workshop Visions of Future Generation Networks (EuroView 2011), Julius-Maximilians-Universität Würzburg, Lehrstuhl für Informatik III (2011)Google Scholar
  24. 24.
    Shetty, J., Anala, M.R., Shobha, G.: A survey on techniques of secure live migration of virtual machine. International Journal of Computer Applications 39(12) (2012)Google Scholar
  25. 25.
    Perez, R., Sailer, R., van Doorn, L.: vtpm: virtualizing the trusted platform module. In: Proc. 15th Conf. on USENIX Security Symposium, pp. 305–320 (2006)Google Scholar
  26. 26.
    Stumpf, F., Eckert, C.: Enhancing trusted platform modules with hardware-based virtualization techniques. In: Second International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2008, pp. 1–9. IEEE (2008)Google Scholar
  27. 27.
    Danev, B., Masti, R., Karame, G., Capkun, S.: Enabling secure vm-vtpm migration in private clouds. In: Proceedings of the 27th Annual Computer Security Applications Conference, pp. 187–196. ACM (2011)Google Scholar
  28. 28.
    Neiger, G., Santoni, A., Leung, F., Dion Rodgers, R.U.: Intel virtualization technology: Hardware support for efficient processor virtualization. Intel Technology Journal 10, 166–177 (2006)CrossRefGoogle Scholar
  29. 29.
    Advanced Micro Devices: Secure Virtual Machine Architecture Reference Manual Advanced Micro Devices (May 2005)Google Scholar
  30. 30.
    Robin, J.S., Irvine, C.E.: Analysis of the intel pentium’s ability to support a secure virtual machine monitor. DTIC Document, Tech. Rep. (2000)Google Scholar
  31. 31.
    Uhlig, R., Neiger, G., Rodgers, D., Santoni, A.L., Martins, F.C., Anderson, A.V., Bennett, S.M., Kgi, A., Leung, F.H., Smith, L.: Intel virtualization technology, May 2005, pp. 48–56. IEEE Computer Society Press (2005)Google Scholar
  32. 32.
    Adams, K., Agesen, O.: A comparison of software and hardware techniques for x86 virtualization. ACM SIGOPS Operating Systems Review 40(5), 2–13 (2006)CrossRefGoogle Scholar
  33. 33.
    Ben-Yehuda, M., Mason, J., Xenidis, J., Krieger, O., Van Doorn, L., Nakajima, J., Mallick, A., Wahlig, E.: Utilizing iommus for virtualization in linux and xen. In: OLS 2006: The 2006 Ottawa Linux Symposium, pp. 71–86. Citeseer (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • R. Jithin
    • 1
  • Priya Chandran
    • 1
  1. 1.National Institute of TechnologyCalicutIndia

Personalised recommendations