SlideShare ist ein Scribd-Unternehmen logo

Virtual machine security

Als PPTX, PDF herunterladen
Jacob Zvirikuzhe
Jacob Zvirikuzhe

Virtual Machine Security is part of computer security and major security measures to partake when dealing with virtual networks are elaborated.

Technologie
1 von 35
Virtual machine Security Jacob Zvirikuzhe
background  Current operating systems provide the process abstraction to achieve resource sharing and isolation. From a security perspective, however, an attacker who has compromised one process can usually gain control of the entire machine. This makes security systems running on the same computer, such as anti-virus programs or intrusion detection systems, also vulnerable to attack. In response to the imperfect isolation between processes in modern operating systems, security researchers have begun to use virtual machine technology when designing security systems
By the end of this presentation you should be able to: 1. Define a virtual machine and explain its architecture 2. Outline the types of the virtual machine environment 3. Explain virtual machine security mechanism 4. Evaluate the benefits and risks of using a VM
Def  A virtual machine(VM) is a logical process (most often an operating system) that interfaces with emulated hardware and is managed by an underlying control program.
The architecture z Guest OS Guest OS Virtual Machine Monitor hardware
cont  Most modern virtual machine systems use the virtual machine monitor (VMM) model for managing and controlling individual virtual machines. The VMM is a thin software layer that runs directly on a physical machine’s hardware
con  On top of the virtual machine monitor, there can be one or more virtual machines  The VMM provides each virtual machine with a set of virtual interfaces that resemble direct interfaces to the underlying hardware. Applications on a virtual machine can run without modification as if they were on running on a dedicated physical machine
con  The VMM allows multiple virtual machines to be running at the same time and transparently multiplexes resources between them
con  The VMM also isolates the virtual machines from one another, preventing them from accessing each other’s memory or disk space. The operating system that runs inside of a virtual machine is traditionally referred to as the guest OS, and applications running on the guest OS are referred to as guest applications.
Types of VM Environments
Type 1 and Type 2 VM Type 1 architecture  A Type I VMM runs directly on the physical hardware. It does not have an operating system running below it; the Type I VMM is fully responsible for scheduling and allocating of the system’s resources between virtual machines Type 2 architecture  A Type II VMM runs as an application in a normal operating system. This operating system controls the real hardware resources, and is typically referred to as the ”Host OS.” The host OS has no knowledge of the Type II VMM, which is treated like any other process in the system. The operating system that runs inside of the Type II VMM is referred to as the ”Guest OS.” Examples of Type-II VMM include VMWare GSX (workstation) [SVL01], UML (User-Mode Linux) [Dik00], and FAUmachine [HWS04].
Con Type 1  con Type 2  Type II VMM is running inside of a standard operating system, any security vulnerabilities that lead to the compromise of the host OS will also give full control of the guest OS.
Virtual Environment Security Mechanisms  The security of VM-based services rests on the assumption that the underlying trusted computing base (TCB) is also secure. If the TCB is compromised, then all bets are for the VM-based
Security of Virtual Machines  In a Type I virtual machine, the trusted computing base is the virtual machine monitor. Some services also need to include the dedicated secure VM as part of TCB. The TCB is considered to be secure because “It is so simple that its implementation can be reasonably expected to be correct” Virtual machine monitors are only responsible for virtualizing the physical machine’s hardware and partitioning it into logically separate virtual machines
con  Compared to a full operating system, which may have several million lines of code, VMMs have around 30,000 lines of code. Also, the secure VM typically has a reduced mini-OS without any unneeded services or components.  In addition to having a small code base, the interfaces to VMM and the dedicated security VM are much simpler, more constrained, and better specified than a standard operating system. This helps reduce the risk of security vulnerabilities.
con a) Mandatory access control:  MAC component runs in a separate VM and administrator can modify the security policy
con b) Para-virtualization:.  the interface executed by the guest OS consist of three components: “memory management, CPU, and device I/O” and the guest OS is responsible for managing these resources.
con c) Policy considerations  it is better to have proper guidelines and security policies which can be implemented dynamically in accordance with the change in the virtual environment.
 d) Virtual Layer Vulnerabilities: Here the author Michael Price [4] discusses about the layered architecture of a virtual environment and how it play a major role in security issues.  The fact that lower level layers can have control over the upper level layers if there is any malicious code or worm infected in the upper layer of the VM environment then those can be easily removed from the lower layers. But it becomes difficult to remove the malicious code if it infects the lower layer of the VM environment.
Benefits
 a) Resource Utilization: VMM are going to be used by many users at same time. Therefore resource utilization mechanism should be strong.
con virtual box is a better solution when the students need to run multiple virtual machines concurrently on their personal computers in a decentralized fashion.
con  b) Security: An important feature of virtualization is isolation. That is software running in one VM will not interact with another VM running is the same machine This gives a lot of security benefits.
con  c) Robustness: Virtualization makes the system more robust .They become more fault tolerant. If there is any problem one VM the other VM is not at all affected. More than that if an attacker gains access to one VM then he should not be able to access the other VMs associated with the machine. Also Hardware failures can be tolerated using this mechanism of isolation
con  d) Decomposition: Here once again the isolation mechanism plays an important role. Isolation can be used to decompose a system. An example, Each server may be running in different VMs on same physical machine. Decomposition has been an important step in the virtualization.
con  E) Encapsulation: According to author Michael Price [4], security aspects is improved when we use the concept of encapsulation. He also believes that fact that the services running in virtual machines are easy to encapsulate and replicate. So the author says if we can build a risk free robust application or service it can be replicated and distributed. In that way even if there is any bug or attack on one application the other applications can still run.
 f) Intrusion protection: Here the author Michael Price [4] brings the concept of clones. He talks about Signature based intrusion detection. Here the state of a system is determined by monitoring the system activity. Here he suggests that instead of looking for the patterns on the original machines, clones can be created and the events can be monitored [4]. Clones can be run in standby mode and then can be synchronized with the real machine and then the pattern of the clone activity can be monitored [4, 15].In this manner one need not compromise the real system
Security Risks in Virtualization
con  a) Scaling: it is easy to replicate a VM or creating a copy is very easy..  a single fatal event or a single system attacked with worm or malicious code can be replicated which can cause destruction to the virtual environment.
con  b) Transience: in a virtual environment large number of mobile machines comes and goes very frequently. Network with traditional machines were much more stable as it was easy to analyze the configuration of the existing network.
con  d) Diversity: in a virtual environment it is difficult to enforce homogeneity in the network. Some of the VM will be running with new updated patches, but some will be still running with the older version of OS. If one has to migrate their machine from one version to another, being a very diverse environment it would be difficult to migrate all the system from older version to newer version
con  e) Mobility: it is easy to copy VMs and it can give rise to security threats.
ref http://www.ukessays.co.uk/essays/engineering/virtualmachine-security.php#ixzz2pMwQnp5W m.jzvirikuzhe.com/virtual_machines

Empfohlen

cloud computing:Types of virtualization
cloud computing:Types of virtualizationcloud computing:Types of virtualization
cloud computing:Types of virtualizationDr.Neeraj Kumar Pandey
 
Cloud computing and service models
Cloud computing and service modelsCloud computing and service models
Cloud computing and service modelsPrateek Soni
 
Cloud deployment models
Cloud deployment modelsCloud deployment models
Cloud deployment modelsAshok Kumar
 
Virtualization security threats in cloud computing
Virtualization security threats in cloud computingVirtualization security threats in cloud computing
Virtualization security threats in cloud computingNitish Awasthi (anitish_225)
 
Implementation levels of virtualization
Implementation levels of virtualizationImplementation levels of virtualization
Implementation levels of virtualizationGokulnath S
 
On demand provisioning
On demand provisioningOn demand provisioning
On demand provisioningGOVERNMENT COLLEGE OF ENGINEERING,TIRUNELVELI
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security ChallengesYateesh Yadav
 
NIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference ArchitectureNIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference ArchitectureThanakrit Lersmethasakul
 

Empfohlen

cloud computing:Types of virtualization
cloud computing:Types of virtualizationcloud computing:Types of virtualization
cloud computing:Types of virtualizationDr.Neeraj Kumar Pandey
 
Cloud computing and service models
Cloud computing and service modelsCloud computing and service models
Cloud computing and service modelsPrateek Soni
 
Cloud deployment models
Cloud deployment modelsCloud deployment models
Cloud deployment modelsAshok Kumar
 
Virtualization security threats in cloud computing
Virtualization security threats in cloud computingVirtualization security threats in cloud computing
Virtualization security threats in cloud computingNitish Awasthi (anitish_225)
 
Implementation levels of virtualization
Implementation levels of virtualizationImplementation levels of virtualization
Implementation levels of virtualizationGokulnath S
 
On demand provisioning
On demand provisioningOn demand provisioning
On demand provisioningGOVERNMENT COLLEGE OF ENGINEERING,TIRUNELVELI
 
Cloud Computing Security Challenges
Cloud Computing Security ChallengesCloud Computing Security Challenges
Cloud Computing Security ChallengesYateesh Yadav
 
NIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference ArchitectureNIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference ArchitectureThanakrit Lersmethasakul
 
Underlying principles of parallel and distributed computing
Underlying principles of parallel and distributed computingUnderlying principles of parallel and distributed computing
Underlying principles of parallel and distributed computingGOVERNMENT COLLEGE OF ENGINEERING,TIRUNELVELI
 
VIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxVIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxkumari36
 
Cloud computing system models for distributed and cloud computing
Cloud computing system models for distributed and cloud computingCloud computing system models for distributed and cloud computing
Cloud computing system models for distributed and cloud computinghrmalik20
 
Cloud computing notes
Cloud computing notesCloud computing notes
Cloud computing notesSrinivasa Rao
 
Unit 4
Unit 4Unit 4
Unit 4Ravi Kumar
 
Virtualization in cloud computing
Virtualization in cloud computingVirtualization in cloud computing
Virtualization in cloud computingMohammad Ilyas Malik
 
Virtualization and cloud Computing
Virtualization and cloud ComputingVirtualization and cloud Computing
Virtualization and cloud ComputingRishikese MR
 
Levels of Virtualization.docx
Levels of Virtualization.docxLevels of Virtualization.docx
Levels of Virtualization.docxkumari36
 
Google App Engine
Google App EngineGoogle App Engine
Google App EngineSaiteja Kaparthi
 
CS8791 Cloud Computing - Question Bank
CS8791 Cloud Computing - Question BankCS8791 Cloud Computing - Question Bank
CS8791 Cloud Computing - Question Bankpkaviya
 
Virtualization in cloud computing ppt
Virtualization in cloud computing pptVirtualization in cloud computing ppt
Virtualization in cloud computing pptMehul Patel
 
Middleware Technologies ppt
Middleware Technologies pptMiddleware Technologies ppt
Middleware Technologies pptOECLIB Odisha Electronics Control Library
 
Io t system management with
Io t system management withIo t system management with
Io t system management withxyxz
 
Cloud Computing: Virtualization
Cloud Computing: VirtualizationCloud Computing: Virtualization
Cloud Computing: VirtualizationDr.Neeraj Kumar Pandey
 
Google App Engine ppt
Google App Engine pptGoogle App Engine ppt
Google App Engine pptOECLIB Odisha Electronics Control Library
 
Vm migration techniques
Vm migration techniquesVm migration techniques
Vm migration techniquesgarishma bhatia
 
What is Virtualization and its types & Techniques.What is hypervisor and its ...
What is Virtualization and its types & Techniques.What is hypervisor and its ...What is Virtualization and its types & Techniques.What is hypervisor and its ...
What is Virtualization and its types & Techniques.What is hypervisor and its ...Shashi soni
 
Cloud Reference Model
Cloud Reference ModelCloud Reference Model
Cloud Reference ModelDr. Ramkumar Lakshminarayanan
 
Distributed computing
Distributed computingDistributed computing
Distributed computingshivli0769
 
Cloud Service Models
Cloud Service ModelsCloud Service Models
Cloud Service ModelsAbhishek Pachisia
 
Identifying and analyzing security threats to virtualized cloud computing inf...
Identifying and analyzing security threats to virtualized cloud computing inf...Identifying and analyzing security threats to virtualized cloud computing inf...
Identifying and analyzing security threats to virtualized cloud computing inf...IBM222
 
Sattt
SatttSattt
Satttsatya0564
 

Weitere ähnliche Inhalte

Was ist angesagt?

VIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxVIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxkumari36
 
Cloud computing system models for distributed and cloud computing
Cloud computing system models for distributed and cloud computingCloud computing system models for distributed and cloud computing
Cloud computing system models for distributed and cloud computinghrmalik20
 
Cloud computing notes
Cloud computing notesCloud computing notes
Cloud computing notesSrinivasa Rao
 
Virtualization and cloud Computing
Virtualization and cloud ComputingVirtualization and cloud Computing
Virtualization and cloud ComputingRishikese MR
 
Levels of Virtualization.docx
Levels of Virtualization.docxLevels of Virtualization.docx
Levels of Virtualization.docxkumari36
 
CS8791 Cloud Computing - Question Bank
CS8791 Cloud Computing - Question BankCS8791 Cloud Computing - Question Bank
CS8791 Cloud Computing - Question Bankpkaviya
 
Virtualization in cloud computing ppt
Virtualization in cloud computing pptVirtualization in cloud computing ppt
Virtualization in cloud computing pptMehul Patel
 
Io t system management with
Io t system management withIo t system management with
Io t system management withxyxz
 
What is Virtualization and its types & Techniques.What is hypervisor and its ...
What is Virtualization and its types & Techniques.What is hypervisor and its ...What is Virtualization and its types & Techniques.What is hypervisor and its ...
What is Virtualization and its types & Techniques.What is hypervisor and its ...Shashi soni
 
Distributed computing
Distributed computingDistributed computing
Distributed computingshivli0769
 

Was ist angesagt? (20)

Underlying principles of parallel and distributed computing
Underlying principles of parallel and distributed computingUnderlying principles of parallel and distributed computing
Underlying principles of parallel and distributed computing
 
VIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docxVIRTUALIZATION STRUCTURES TOOLS.docx
VIRTUALIZATION STRUCTURES TOOLS.docx
 
Cloud computing system models for distributed and cloud computing
Cloud computing system models for distributed and cloud computingCloud computing system models for distributed and cloud computing
Cloud computing system models for distributed and cloud computing
 
Cloud computing notes
Cloud computing notesCloud computing notes
Cloud computing notes
 
Unit 4
Unit 4Unit 4
Unit 4
 
Virtualization in cloud computing
Virtualization in cloud computingVirtualization in cloud computing
Virtualization in cloud computing
 
Virtualization and cloud Computing
Virtualization and cloud ComputingVirtualization and cloud Computing
Virtualization and cloud Computing
 
Levels of Virtualization.docx
Levels of Virtualization.docxLevels of Virtualization.docx
Levels of Virtualization.docx
 
Google App Engine
Google App EngineGoogle App Engine
Google App Engine
 
CS8791 Cloud Computing - Question Bank
CS8791 Cloud Computing - Question BankCS8791 Cloud Computing - Question Bank
CS8791 Cloud Computing - Question Bank
 
Virtualization in cloud computing ppt
Virtualization in cloud computing pptVirtualization in cloud computing ppt
Virtualization in cloud computing ppt
 
Middleware Technologies ppt
Middleware Technologies pptMiddleware Technologies ppt
Middleware Technologies ppt
 
Io t system management with
Io t system management withIo t system management with
Io t system management with
 
Cloud Computing: Virtualization
Cloud Computing: VirtualizationCloud Computing: Virtualization
Cloud Computing: Virtualization
 
Google App Engine ppt
Google App Engine pptGoogle App Engine ppt
Google App Engine ppt
 
Vm migration techniques
Vm migration techniquesVm migration techniques
Vm migration techniques
 
What is Virtualization and its types & Techniques.What is hypervisor and its ...
What is Virtualization and its types & Techniques.What is hypervisor and its ...What is Virtualization and its types & Techniques.What is hypervisor and its ...
What is Virtualization and its types & Techniques.What is hypervisor and its ...
 
Cloud Reference Model
Cloud Reference ModelCloud Reference Model
Cloud Reference Model
 
Distributed computing
Distributed computingDistributed computing
Distributed computing
 
Cloud Service Models
Cloud Service ModelsCloud Service Models
Cloud Service Models
 

Ähnlich wie Virtual machine security

Identifying and analyzing security threats to virtualized cloud computing inf...
Identifying and analyzing security threats to virtualized cloud computing inf...Identifying and analyzing security threats to virtualized cloud computing inf...
Identifying and analyzing security threats to virtualized cloud computing inf...IBM222
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 
Using Virtualization Technique to Increase Security and Reduce Energy Consump...
Using Virtualization Technique to Increase Security and Reduce Energy Consump...Using Virtualization Technique to Increase Security and Reduce Energy Consump...
Using Virtualization Technique to Increase Security and Reduce Energy Consump...IJORCS
 
virtualization.pptx
virtualization.pptxvirtualization.pptx
virtualization.pptxssuser6e6eec
 
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...ijcncs
 
Todd Deshane's PhD Proposal
Todd Deshane's PhD ProposalTodd Deshane's PhD Proposal
Todd Deshane's PhD ProposalTodd Deshane
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)ijceronline
 
Analysis of monolithic and microkernel architectures
Analysis of monolithic and microkernel architecturesAnalysis of monolithic and microkernel architectures
Analysis of monolithic and microkernel architecturesShakil Ahmed
 
A SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTING
A SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTINGA SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTING
A SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTINGijcsit
 
A Survey on Security Challenges of Virtualization Technology in Cloud Computing
A Survey on Security Challenges of Virtualization Technology in Cloud ComputingA Survey on Security Challenges of Virtualization Technology in Cloud Computing
A Survey on Security Challenges of Virtualization Technology in Cloud ComputingAIRCC Publishing Corporation
 
Virtualization security
Virtualization securityVirtualization security
Virtualization securityAhmed Nour
 
A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Module A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Modulenexgentechnology
 
A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Module A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Modulenexgentechnology
 
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULENexgen Technology
 
A trusted iaa s environment
A trusted iaa s environmentA trusted iaa s environment
A trusted iaa s environmentnexgentech15
 
Security challenges for adoption of virtualization for effective e governance
Security challenges for adoption of virtualization for effective e governanceSecurity challenges for adoption of virtualization for effective e governance
Security challenges for adoption of virtualization for effective e governanceAdam Bert Lacay
 
VIRTUAL MACHINES AND NETWORKS – INSTALLATION, PERFORMANCE, STUDY, ADVANTAGES ...
VIRTUAL MACHINES AND NETWORKS – INSTALLATION, PERFORMANCE, STUDY, ADVANTAGES ...VIRTUAL MACHINES AND NETWORKS – INSTALLATION, PERFORMANCE, STUDY, ADVANTAGES ...
VIRTUAL MACHINES AND NETWORKS – INSTALLATION, PERFORMANCE, STUDY, ADVANTAGES ...IJNSA Journal
 

Ähnlich wie Virtual machine security (20)

Identifying and analyzing security threats to virtualized cloud computing inf...
Identifying and analyzing security threats to virtualized cloud computing inf...Identifying and analyzing security threats to virtualized cloud computing inf...
Identifying and analyzing security threats to virtualized cloud computing inf...
 
Sattt
SatttSattt
Sattt
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
 
Virtualization
VirtualizationVirtualization
Virtualization
 
Using Virtualization Technique to Increase Security and Reduce Energy Consump...
Using Virtualization Technique to Increase Security and Reduce Energy Consump...Using Virtualization Technique to Increase Security and Reduce Energy Consump...
Using Virtualization Technique to Increase Security and Reduce Energy Consump...
 
virtualization.pptx
virtualization.pptxvirtualization.pptx
virtualization.pptx
 
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...
Secure Virtualization for Cloud Environment Using Guest OS and VMM-based Tech...
 
Todd Deshane's PhD Proposal
Todd Deshane's PhD ProposalTodd Deshane's PhD Proposal
Todd Deshane's PhD Proposal
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
Analysis of monolithic and microkernel architectures
Analysis of monolithic and microkernel architecturesAnalysis of monolithic and microkernel architectures
Analysis of monolithic and microkernel architectures
 
A SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTING
A SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTINGA SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTING
A SURVEY ON SECURITY CHALLENGES OF VIRTUALIZATION TECHNOLOGY IN CLOUD COMPUTING
 
A Survey on Security Challenges of Virtualization Technology in Cloud Computing
A Survey on Security Challenges of Virtualization Technology in Cloud ComputingA Survey on Security Challenges of Virtualization Technology in Cloud Computing
A Survey on Security Challenges of Virtualization Technology in Cloud Computing
 
Virtualization security
Virtualization securityVirtualization security
Virtualization security
 
A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Module A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Module
 
A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Module A Trusted IaaS Environment with Hardware Security Module
A Trusted IaaS Environment with Hardware Security Module
 
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE
A TRUSTED IAAS ENVIRONMENT WITH HARDWARE SECURITY MODULE
 
A trusted iaa s environment
A trusted iaa s environmentA trusted iaa s environment
A trusted iaa s environment
 
Security challenges for adoption of virtualization for effective e governance
Security challenges for adoption of virtualization for effective e governanceSecurity challenges for adoption of virtualization for effective e governance
Security challenges for adoption of virtualization for effective e governance
 
VIRTUAL MACHINES AND NETWORKS – INSTALLATION, PERFORMANCE, STUDY, ADVANTAGES ...
VIRTUAL MACHINES AND NETWORKS – INSTALLATION, PERFORMANCE, STUDY, ADVANTAGES ...VIRTUAL MACHINES AND NETWORKS – INSTALLATION, PERFORMANCE, STUDY, ADVANTAGES ...
VIRTUAL MACHINES AND NETWORKS – INSTALLATION, PERFORMANCE, STUDY, ADVANTAGES ...
 
Virtual machine subhash gupta
Virtual machine subhash guptaVirtual machine subhash gupta
Virtual machine subhash gupta
 

Mehr von Jacob Zvirikuzhe

Introduction to comp science
Introduction to comp scienceIntroduction to comp science
Introduction to comp scienceJacob Zvirikuzhe
 
Football footsteps half hour
Football footsteps half hourFootball footsteps half hour
Football footsteps half hourJacob Zvirikuzhe
 
Printing a workbook and worksheets
Printing a workbook and worksheetsPrinting a workbook and worksheets
Printing a workbook and worksheetsJacob Zvirikuzhe
 
Printing a workbook and worksheets
Printing a workbook and worksheetsPrinting a workbook and worksheets
Printing a workbook and worksheetsJacob Zvirikuzhe
 

Mehr von Jacob Zvirikuzhe (7)

Introduction to comp science
Introduction to comp scienceIntroduction to comp science
Introduction to comp science
 
Football footsteps half hour
Football footsteps half hourFootball footsteps half hour
Football footsteps half hour
 
Concurrency control
Concurrency controlConcurrency control
Concurrency control
 
Printing a workbook and worksheets
Printing a workbook and worksheetsPrinting a workbook and worksheets
Printing a workbook and worksheets
 
Printing a workbook and worksheets
Printing a workbook and worksheetsPrinting a workbook and worksheets
Printing a workbook and worksheets
 
Printers
PrintersPrinters
Printers
 
Printers
PrintersPrinters
Printers
 

Kürzlich hochgeladen

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

Kürzlich hochgeladen (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Virtual machine security

  • 2. background  Current operating systems provide the process abstraction to achieve resource sharing and isolation. From a security perspective, however, an attacker who has compromised one process can usually gain control of the entire machine. This makes security systems running on the same computer, such as anti-virus programs or intrusion detection systems, also vulnerable to attack. In response to the imperfect isolation between processes in modern operating systems, security researchers have begun to use virtual machine technology when designing security systems
  • 3. By the end of this presentation you should be able to: 1. Define a virtual machine and explain its architecture 2. Outline the types of the virtual machine environment 3. Explain virtual machine security mechanism 4. Evaluate the benefits and risks of using a VM
  • 4. Def  A virtual machine(VM) is a logical process (most often an operating system) that interfaces with emulated hardware and is managed by an underlying control program.
  • 5. The architecture z Guest OS Guest OS Virtual Machine Monitor hardware
  • 6. cont  Most modern virtual machine systems use the virtual machine monitor (VMM) model for managing and controlling individual virtual machines. The VMM is a thin software layer that runs directly on a physical machine’s hardware
  • 7. con  On top of the virtual machine monitor, there can be one or more virtual machines  The VMM provides each virtual machine with a set of virtual interfaces that resemble direct interfaces to the underlying hardware. Applications on a virtual machine can run without modification as if they were on running on a dedicated physical machine
  • 8. con  The VMM allows multiple virtual machines to be running at the same time and transparently multiplexes resources between them
  • 9. con  The VMM also isolates the virtual machines from one another, preventing them from accessing each other’s memory or disk space. The operating system that runs inside of a virtual machine is traditionally referred to as the guest OS, and applications running on the guest OS are referred to as guest applications.
  • 10.
  • 11.
  • 12. Types of VM Environments
  • 13. Type 1 and Type 2 VM Type 1 architecture  A Type I VMM runs directly on the physical hardware. It does not have an operating system running below it; the Type I VMM is fully responsible for scheduling and allocating of the system’s resources between virtual machines Type 2 architecture  A Type II VMM runs as an application in a normal operating system. This operating system controls the real hardware resources, and is typically referred to as the ”Host OS.” The host OS has no knowledge of the Type II VMM, which is treated like any other process in the system. The operating system that runs inside of the Type II VMM is referred to as the ”Guest OS.” Examples of Type-II VMM include VMWare GSX (workstation) [SVL01], UML (User-Mode Linux) [Dik00], and FAUmachine [HWS04].
  • 14. Con Type 1  con Type 2  Type II VMM is running inside of a standard operating system, any security vulnerabilities that lead to the compromise of the host OS will also give full control of the guest OS.
  • 15. Virtual Environment Security Mechanisms  The security of VM-based services rests on the assumption that the underlying trusted computing base (TCB) is also secure. If the TCB is compromised, then all bets are for the VM-based
  • 16. Security of Virtual Machines  In a Type I virtual machine, the trusted computing base is the virtual machine monitor. Some services also need to include the dedicated secure VM as part of TCB. The TCB is considered to be secure because “It is so simple that its implementation can be reasonably expected to be correct” Virtual machine monitors are only responsible for virtualizing the physical machine’s hardware and partitioning it into logically separate virtual machines
  • 17. con  Compared to a full operating system, which may have several million lines of code, VMMs have around 30,000 lines of code. Also, the secure VM typically has a reduced mini-OS without any unneeded services or components.  In addition to having a small code base, the interfaces to VMM and the dedicated security VM are much simpler, more constrained, and better specified than a standard operating system. This helps reduce the risk of security vulnerabilities.
  • 18. con a) Mandatory access control:  MAC component runs in a separate VM and administrator can modify the security policy
  • 19. con b) Para-virtualization:.  the interface executed by the guest OS consist of three components: “memory management, CPU, and device I/O” and the guest OS is responsible for managing these resources.
  • 20. con c) Policy considerations  it is better to have proper guidelines and security policies which can be implemented dynamically in accordance with the change in the virtual environment.
  • 21.  d) Virtual Layer Vulnerabilities: Here the author Michael Price [4] discusses about the layered architecture of a virtual environment and how it play a major role in security issues.  The fact that lower level layers can have control over the upper level layers if there is any malicious code or worm infected in the upper layer of the VM environment then those can be easily removed from the lower layers. But it becomes difficult to remove the malicious code if it infects the lower layer of the VM environment.
  • 23.  a) Resource Utilization: VMM are going to be used by many users at same time. Therefore resource utilization mechanism should be strong.
  • 24. con virtual box is a better solution when the students need to run multiple virtual machines concurrently on their personal computers in a decentralized fashion.
  • 25. con  b) Security: An important feature of virtualization is isolation. That is software running in one VM will not interact with another VM running is the same machine This gives a lot of security benefits.
  • 26. con  c) Robustness: Virtualization makes the system more robust .They become more fault tolerant. If there is any problem one VM the other VM is not at all affected. More than that if an attacker gains access to one VM then he should not be able to access the other VMs associated with the machine. Also Hardware failures can be tolerated using this mechanism of isolation
  • 27. con  d) Decomposition: Here once again the isolation mechanism plays an important role. Isolation can be used to decompose a system. An example, Each server may be running in different VMs on same physical machine. Decomposition has been an important step in the virtualization.
  • 28. con  E) Encapsulation: According to author Michael Price [4], security aspects is improved when we use the concept of encapsulation. He also believes that fact that the services running in virtual machines are easy to encapsulate and replicate. So the author says if we can build a risk free robust application or service it can be replicated and distributed. In that way even if there is any bug or attack on one application the other applications can still run.
  • 29.  f) Intrusion protection: Here the author Michael Price [4] brings the concept of clones. He talks about Signature based intrusion detection. Here the state of a system is determined by monitoring the system activity. Here he suggests that instead of looking for the patterns on the original machines, clones can be created and the events can be monitored [4]. Clones can be run in standby mode and then can be synchronized with the real machine and then the pattern of the clone activity can be monitored [4, 15].In this manner one need not compromise the real system
  • 30. Security Risks in Virtualization
  • 31. con  a) Scaling: it is easy to replicate a VM or creating a copy is very easy..  a single fatal event or a single system attacked with worm or malicious code can be replicated which can cause destruction to the virtual environment.
  • 32. con  b) Transience: in a virtual environment large number of mobile machines comes and goes very frequently. Network with traditional machines were much more stable as it was easy to analyze the configuration of the existing network.
  • 33. con  d) Diversity: in a virtual environment it is difficult to enforce homogeneity in the network. Some of the VM will be running with new updated patches, but some will be still running with the older version of OS. If one has to migrate their machine from one version to another, being a very diverse environment it would be difficult to migrate all the system from older version to newer version
  • 34. con  e) Mobility: it is easy to copy VMs and it can give rise to security threats.