The Hypervisor Application Layer Guest OS Layer Virtual Machine Manager Kernel Layer Driver/Module...
peter-johnson
The Hypervisor
Application Layer
Guest OS Layer
Virtual Machine Manager
Kernel Layer
Driver/Module Layer
Hardware Layer
Hypervisor
Diagram from Edward L. Haletky, The Virtualization Practice, LLC
Type-1 Virtualization
Type-2 Virtualization
Container Virtualization
610/04/10
The Virtualization Journey
Consolidate Resources
• Improved efficiency and utilization of IT resources with simple virtualization tools
Manage Workloads
• Improved IT staff productivity with integrated systems management dashboard for physical and virtual resources
Automate Processes
• Consistent and repeatable processes based on best practices, business priorities and service level agreements with simple virtualization tools
Optimize Delivery
• Self provisioned by users based on business imperatives, unconstrained by physical barriers or location.
[Diagram labels: Consolidate Resources, Manage Workloads, Automate Processes, Optimize Delivery; Increased Agility; Network, Storage, Server]
VM Vulnerability Classes
VM Migration
Transfer from one physical server to another, with little or no downtime
For load balancing and high availability
VMware VMotion brochure
VM Migration attack
If the transfer is unencrypted, a man-in-the-middle attack is possible, allowing changes to the VM en route.
Jon Oberheide et al., Univ. of Mich.
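The defensive counterpart to the migration attack above, as an added example that is not part of the original slides: the receiving host rejects any memory page that was altered or reordered in transit because each page carries a keyed MAC over its sequence number and contents. The frame layout, function names, key and sample pages are assumptions constructed for illustration; the sketch covers integrity only, not confidentiality or detection of a truncated stream.

```python
import hashlib
import hmac
import struct

PAGE_SIZE = 4096
TAG_LEN = 32  # HMAC-SHA256 output size


def frame_page(key: bytes, seq: int, page: bytes) -> bytes:
    """Sender side: prefix the page with its sequence number and append a MAC."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + page, hashlib.sha256).digest()
    return header + page + tag


def receive_stream(key: bytes, frames: list[bytes]) -> list[bytes]:
    """Receiver side: accept pages only if every frame is authentic and in order."""
    pages = []
    for expected_seq, frame in enumerate(frames):
        if len(frame) != 8 + PAGE_SIZE + TAG_LEN:
            raise ValueError(f"frame {expected_seq}: wrong length")
        header, page, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(key, header + page, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError(f"frame {expected_seq}: MAC mismatch, page altered in transit")
        (seq,) = struct.unpack(">Q", header)
        if seq != expected_seq:
            raise ValueError(f"frame {expected_seq}: out of order or replayed (seq {seq})")
        pages.append(page)
    return pages


def demo() -> dict:
    key = b"constructed-demo-key-not-for-use"  # constructed; real keys come from a key exchange
    pages = [bytes([i]) * PAGE_SIZE for i in range(3)]  # constructed stand-in for guest memory
    frames = [frame_page(key, i, p) for i, p in enumerate(pages)]
    results = {"clean": receive_stream(key, frames) == pages}
    tampered = list(frames)
    tampered[1] = tampered[1][:100] + b"\xff" + tampered[1][101:]  # one byte changed on the wire
    swapped = [frames[0], frames[2], frames[1]]  # authentic frames, reordered
    for name, stream in (("tampered", tampered), ("reordered", swapped)):
        try:
            receive_stream(key, stream)
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```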
Virtual network configuration
VMware
Attacking the hypervisor
• Hyperjacking
  – Installing a rogue hypervisor:
    • One method is overwriting pagefiles on disk that contain paged-out kernel code
    • Force kernel to be paged out by allocating large amounts of memory
    • Find unused driver in page file and replace its dispatch function with shellcode
    • Take action to cause the driver to be executed
    • Shellcode downloads the rest of the malware
    • Host OS is migrated to run in a VM
  – Known tools: SubVirt (Microsoft and U. Mich), BluePill (Rutkowska), and others.
Security complexities raised by virtualization
Complexities
• Dynamic relocation of VMs
• Increased infrastructure layers to manage and protect
• Multiple operating systems and applications per server
• Elimination of physical boundaries between systems
• Manually tracking software and configurations of VMs
• Maintenance of virtual images
• Image sprawl (proliferation)
• Virtual appliances (Trojan Horse)
• Public Cloud risks
  – “Black box” sharing in clouds reduces visibility and control
  – Privacy and accountability regulations
Before Virtualization
• 1:1 ratio of OSs and applications per server
After Virtualization
• 1:Many ratio of OSs and applications per server
• Additional layer to manage and secure
From Ajay Dholakia, IBM
Virtualization security – Driving requirements
Requirements
• Secure platforms & engineering process
• Threat and vulnerability management
  – Internal / external threat mitigation
• Privileged access
  – Role segregation & access control
• Data confidentiality and integrity
  – Data @ rest (storage), data in transit (network)
• Regulatory compliance
• Multi-tenancy / isolation
  – Isolation management of Virtual Servers
• Image / virtual appliance security
• Consolidated systems security
  – Consolidated server, storage, net. security mgmt.
• Systems Integrity Management
  – Trusted software / firmware / hardware
From Ajay Dholakia, IBM
Virtualization Security Summary
• Virtualized systems have added new vulnerabilities to infrastructure
• Using virtualized systems doesn’t add much security, since the same server connections are still needed
• Adding the hypervisor (OS) broadens the attack surface
• Additional complexity brings potential for new attacks
• Migrating VMs complicates their security
• Some shops tend to have a VM for everything, resulting in increased management work.