Affiliation:
1. The University of Canterbury, Christchurch, New Zealand
2. University of The District of Columbia, Washington, DC
Abstract
Although system virtualization is not a new paradigm, the way in which it is used in modern system architectures provides a powerful platform for system building, the advantages of which have only been realized in recent years, as a result of the rapid deployment of commodity hardware and software systems. In principle, virtualization involves the use of an encapsulating software layer (Hypervisor or Virtual Machine Monitor) which surrounds or underlies an operating system and provides the same inputs, outputs, and behavior that would be expected from an actual physical device. This abstraction means that an ideal Virtual Machine Monitor provides an environment to the software equivalent to the host system, but which is decoupled from the hardware state. Because a virtual machine is not dependent on the state of the physical hardware, multiple virtual machines may be installed on a single set of hardware. The decoupling of physical and logical states gives virtualization inherent security benefits. However, the design, implementation, and deployment of virtualization technology have also opened up novel threats and security issues which, while not particular to system virtualization, take on new forms in relation to it. Reverse engineering becomes easier due to introspection capabilities, as encryption keys, security algorithms, low-level protection, intrusion detection, or antidebugging measures can become more easily compromised. Furthermore, associated technologies such as virtual routing and networking can create challenging issues for security, intrusion control, and associated forensic processes. We explain the security considerations and some associated methodologies by which security breaches can occur, and offer recommendations for how virtualized environments can best be protected. Finally, we offer a set of generalized recommendations that can be applied to achieve secure virtualized implementations.
Publisher
Association for Computing Machinery (ACM)
Subject
General Computer Science,Theoretical Computer Science
Reference128 articles.
1. A comparison of software and hardware techniques for x86 virtualization
2. Advanced Micro Devices. 2008. AMD-VTM nested paging. http://developer.amd.com/assets/NPT-WP-1 1-final-TM.pdf. Advanced Micro Devices. 2008. AMD-V TM nested paging. http://developer.amd.com/assets/NPT-WP-1 1-final-TM.pdf.
3. Advanced Micro Devices. 2010. AMD virtualization (AMD-V)TM technology. http://sites.amd.com/us/business/itsolutions/virtualization/Pages/amd-v.aspx. Advanced Micro Devices. 2010. AMD virtualization (AMD-V) TM technology. http://sites.amd.com/us/business/itsolutions/virtualization/Pages/amd-v.aspx.
4. Athreya M. B. 2010. Subverting Linux On-the-Fly Using Hardware Virtualization Technology. http://smartech.gatech.edu/handle/1853/34844. Athreya M. B. 2010. Subverting Linux On-the-Fly Using Hardware Virtualization Technology. http://smartech.gatech.edu/handle/1853/34844.
5. Providing secure services for a virtual infrastructure
Cited by
124 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献