
Virtual Security Problems


This paper discusses virtualization and the security problems that arise from the implementation of virtualization.

By: Jacob Bridge
March 24, 2008

Abstract:
Companies are trying to cut costs and increase productivity in the workplace, and virtualization is a great technology to help that cause. Virtualization allows multiple operating systems to run on the same machine simultaneously. With this technology come new security problems within guest operating systems, host operating systems, and hypervisors. The biggest fear is that companies have just jumped into the virtualized world without considering the consequences for their network.

Intro:
Virtualization allows different operating systems to run different environments on one machine. This provides many different possibilities for companies, private and public alike. Companies can cut costs by running different services on one machine, which removes the need to buy multiple servers to run multiple services. On the security front of this emerging technology there are many concerns. One security concern is that each operating system that is running has its own vulnerabilities. Multiple operating systems add to the vulnerabilities that are on the one machine. Another concern is an attacker hacking the virtualization program or hypervisor and being able to access all of the operating systems that are running on that machine, or all the systems that are controlled by the virtualization program. The biggest concern is that companies have not updated their policies for implementing virtualization and that most companies have enough trouble managing the servers they have now. Virtualization adds more servers to the network, which in turn makes it more difficult to manage from an IT standpoint.

How it works:
Virtualization can be implemented in a few different ways: partitioning and hypervisors. The partitioning of hardware divides the machine into smaller pieces, and each piece has the ability to boot an operating system. According to IBM, this does allow for hardware sharing, but does not fully utilize the abilities of resource sharing and emulation (IBM, 2005, pg. 2). Resource sharing and emulation are better utilized by a hypervisor.

To better connect your virtualized operating systems, a hypervisor is the way to go. According to Bruno Zoppis, "the purpose of a hypervisor is to provide several execution environments on a single hardware platform" (Trango, 2007, pg. 5). There are a few different places where a hypervisor can reside on the machine. One of these places is directly on or above the hardware. This type of hypervisor, according to IBM, is called a "type 1" hypervisor (IBM, 2005, pg. 2). This hypervisor is a middle man between the hardware and the host operating system. From this hypervisor, guest operating systems are spawned in parallel with the host operating system. An illustration of a type 1 hypervisor can be seen in Figure 1: Type 1 Hypervisor. The next place a hypervisor can reside is within the operating system environment, or "type 2" according to IBM (IBM, 2005, pg. 3). This means that the host operating system is booted up and then guest operating systems are spawned off of the host OS. An illustration of this is seen in Figure 2: Type 2 Hypervisor.


Security:
There are a lot of positives to implementing virtualization within any size company. There are plenty of scenarios in which a virtualized machine can save a company not only money but also its integrity and its data. The most obvious example is running different virtualized servers on one machine, which cuts out the purchase of multiple servers to run the same services. Virtualization is also used to update servers more easily. With the snapshot options that are included in most distributions of virtualization programs, companies can "copy" the server to another computer, then install and even test the updates before placing the server back online. This greatly improves the company's integrity, because the company can test the updates to help minimize problems and keep the server from crashing. Even if all goes well in the updating process, there are still going to be problems that can take down the server, which leads us to another advantage: disaster recovery. Again with the snapshot feature, all a company has to do is make sure that it takes snapshots of its server. When a server crashes, all it has to do is load from the last snapshot, and it is back online.

Even with all of the great possibilities that virtualization has to offer, there are many security concerns that arise from the use of virtualization. Some of the concerns center around the different operating systems that are running on the computer or server. Other concerns center around the hypervisor that manages the different operating systems.

Each operating system has vulnerabilities, and the more operating systems you have running on one machine, the more vulnerabilities you have to worry about from an IT standpoint. James Tiller first installed VMware when it was floating around the internet in 1994; here is an excerpt from his first discoveries.
"Once I was familiar with the Win95/Linux Frankenstein that I created, I began to investigate the security attributes ... Starting from a remote machine on my network and then moving my attack source point to the Linux host system, I found what one would expect, the typical holes found in default installs" (Tiller, 2006, pg. 2-3). IT will have to trim unwanted services, update, patch, and monitor the different operating systems that run on the virtualized machine(s) in order to keep them secure.

Another concern for virtualization is taking out or accessing a bunch of servers in one fell swoop. This is easier to imagine with a system that is running a type 2 hypervisor. With a type 2 hypervisor, if the host operating system crashes, then all of the guest operating systems that are spawned from the host are down as well. Another way to take all machines out in one fell swoop is through system memory. According to James Tiller, "only the system memory presented an option for a broad attack - an attack that would essentially offer multiple system access with one swing of the bat. A well-constructed worm or sophisticated tool could take advantage of the overlap" (Tiller, 2006, pg. 3). Since both operating systems would be accessing the same system memory, a worm or tool would be able to either create a denial of service by taking out the server's memory or gain access to the servers.

A different way to interrupt or gain access to multiple systems on one machine would be through the hypervisor. Jaikumar Vijayan states that the emergence of virtualization tools leaves hackers with stacks of unexplored code to sift through to find vulnerabilities (Vijayan, 2007, pg. 16). Related to this type of attack, there are various virtualization monitoring programs, which sit just above the hardware to monitor which virtual machines are running and which are dormant. According to Vijayan, there was a researcher out of Singapore who created a tool called "Blue Pill", which installs a rootkit and allows virtual systems to be hijacked, all while remaining undetectable to IT personnel (Vijayan, 2007, pg. 16).

To this effect virtualized systems communicate on a virtual network inside the host machine. This presents a problem according to John Peterson. An infected virtual system could create denial of service attacks on the local virtual network by consuming shared resources (Peterson, 2007, pg. 20). The denial of service attack would potentially wipe out a whole stack of services that a company is providing by infecting a single system on that machine.

When an attacker is going to launch their offensive, they want to be sure that they can get away with it or complete their mission undetected. According to Tom Yager, it is theoretically easier to do a root exploit because a virtual machine can be failed over to a clone of itself without disappearing from the network (Yager, 2006, pg. 16). This would help an attack go undetected because there would be no alarm raised by the server going offline. Along with this cloning type of attack there is a similar one that can be used. Since the image of the virtual machine has to be stored somewhere, what is to stop an attacker from swiping a copy of the image to break at their own leisure? This scenario would help the attacker if the virtual machine ran a more mission-critical service that was heavily encrypted.
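One defensive check that follows from the stored-image concern above, as an added example that is not part of the original paper: audit the directory where virtual machine images and snapshots are kept, and flag files that local accounts other than the owner could copy or alter. The suffix list, the function names and the sample file names are assumptions made for illustration, and the sample store is constructed in a temporary directory.

```python
import os
import stat
import tempfile

# Assumption: common disk, memory and snapshot image suffixes; adjust per hypervisor.
IMAGE_SUFFIXES = (".vmdk", ".vmem", ".vmsn", ".qcow2", ".vdi", ".vhd")

def audit_images(root):
    """Return sorted (relative_path, problem) pairs for VM images under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dir_mode = os.stat(dirpath).st_mode
        for name in files:
            if not name.lower().endswith(IMAGE_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)  # lstat: inspect the link itself, do not follow it
            if stat.S_ISLNK(st.st_mode):
                findings.append((rel, "symlink: image may live outside the audited store"))
                continue
            if st.st_mode & stat.S_IROTH:
                findings.append((rel, "world-readable: any local account can copy it"))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((rel, "group/world-writable: image can be tampered with"))
            # A world-writable directory without the sticky bit lets anyone replace files.
            if dir_mode & stat.S_IWOTH and not dir_mode & stat.S_ISVTX:
                findings.append((rel, "parent dir world-writable: image can be swapped"))
    return sorted(findings)

def demo():
    """Build a constructed image store in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"web01.vmdk": 0o600, "db01.qcow2": 0o644,
                   "mail01.vmem": 0o660, "notes.txt": 0o666}
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample, not a real image")
            os.chmod(path, mode)
        return audit_images(root)

if __name__ == "__main__":
    for rel, problem in demo():
        print(f"{rel}: {problem}")
```

File permissions only cover local copying; an image store exported over the network also needs its share or export permissions reviewed.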

Conclusion:
Virtualization is a great tool that will be used extensively from now into the future. The positive aspects of this emerging technology are great for companies and offer them more cost-effective and efficient options. As with all new computer tools, there are downsides to virtualization. Companies have to be able to handle the workload of the added virtual workstations and servers that are created. Then the company must be able to secure the host machines by minimizing their vulnerabilities. Each virtual machine is a standalone machine that has its own vulnerabilities as well as the vulnerabilities of the other virtual machines on the host machine.

References:
International Business Machines Corporation (IBM). (2005). Virtualization. (First Edition, version 2.1). IBM Systems. http://publib.boulder.ibm.com/infocenter/eserver/v1r2/topic/eicay/eicay.pdf
Peterson, John. (2007). Security Rules Have Changed. Communication News, May 2007. Retrieved March 20, 2008, from ProQuest database.
Tiller, James. (2006). Virtual Security: The New Security Tool?. Information System Security, July/August. Retrieved March 20, 2008, from ProQuest database.
Trango Virtual Processors. (2007). Reconcile GPL Software and Proprietary Code on Embedded Systems with a Secure Hypervisor. Zoppis, Bruno http://www.trango-vp.com/download/TGO-TEC-0340-TRANGO_GPL.pdf
Vijayan, Jaikumar. (2007). Virtualization Increases IT Security Pressures. Computer World, August. Retrieved March 20, 2008, from ProQuest database.
Yager, Tom. (2006). Virtualization and Security. InfoWorld.com, November. Retrieved March 20, 2008, from ProQuest database.

Jacob Bridge

Copyright (c) 2008 Free Online Library
Article Details
Author:jacob bridge
Publication:Computers and Internet community
Geographic Code:1USA
Date:Apr 22, 2008
Words:1582