Securing VMware


Analytics Report, June 2008

As IT groups spawn new virtual machines at a breakneck pace, security is too often an afterthought. Can VMware’s dominance of the enterprise server virtualization market buy us some breathing room?

By Joe Hernick
InformationWeek Analytics Reports

June 2008 © 2008 InformationWeek, Reproduction Prohibited

TABLE OF CONTENTS

  • Author’s Bio
  • Executive Summary
  • Research Synopsis
  • Securing VMware: A Shifting Landscape
  • What’s Old Is New
  • Danger On The Horizon
  • Real Threat, But Few Real Answers
  • Enter The VMsafe
  • Fruits Of Their Labor
  • Who’s Responsible For Virtualization Security?
  • Road From Perdition
  • Appendix

  • Figure 1: Primary Server Virtualization Platform
  • Figure 2: VMware ESX Hosts in Production
  • Figure 3: Virtualized Servers Per VM Host
  • Figure 4: Perception of VM Security Risk
  • Figure 5: Addressing Security Concerns in Virtualized Environments
  • Figure 6: Approaches to Change Management/VM Provisioning
  • Figure 7: VM Security Tool Deployment Plans
  • Figure 8: Hyperjacking Concerns
  • Figure 9: Security Patch Management
  • Figure 10: VM-specific Security Tool Production
  • Figure 11: Planned Security Spending for Virtualized Environments
  • Figure 12: Involvement in Security Initiatives
  • Figure 13: Involvement in IT Operations
  • Figure 14: Job Title
  • Figure 15: Company Revenue
  • Figure 16: Industry
  • Figure 17: Company Size

Joe Hernick has covered virtualization, storage, operating systems, voice, and other topics for InformationWeek, Network Computing, and other publications for seven years. Joe sits on the editorial advisory board for Dark Reading and is a member of the CAIS Commission on Technology.
He has been involved in start-ups, training, consulting, and most recently was a technology services manager at a Fortune 100 insurance company, where his work involved OS rollouts for 63,000 desktops, Y2K readiness, call-center load balancing, automated pharmacies, new-site construction, old-site consolidation, and HIPAA compliance. Joe currently manages InformationWeek’s Virtualization Test Lab, running VMware, Citrix Xen, Virtual Iron, Microsoft, and Parallels hosts. He holds a BA in Economics, a Master’s in Information Management and is a PMI-certified Project Management Professional.

Executive Summary

Our survey on the state of VMware security revealed some startling facts: Just four in 10 consider hyperjacking a realistic threat, and nearly half take a laissez faire approach to virtual machine provisioning and management. Some even let business units deploy VMs with no oversight, perhaps because 20% assert that VMs are safer than physical servers.

The reality—and a concept that many IT and business managers fail to grasp—is that a virtual server is still a server. A production VM, and its host, must be held to the same level of rigor as a comparable physical production server, with identical change management policies for approval, deployment, patching, and other processes.

We’re not saying we’d turn back the virtualization tide, even if that were possible. The ability to abstract servers from the physical world to the virtual—P2V—and consolidate multiple legacy servers onto a smaller number of virtualization hosts is yielding significant financial and operational advantages, including a smaller attack surface and optimized performance. However, virtualization also creates management and security challenges not faced in legacy data center environments.

For now, there are few new security concepts required once you enter the virtualized world.
Traditional best practices are just as important, if not more important, than VM-specific security toolsets. Still, any hypervisor needs to have security baked in from the beginning, not tacked on as an afterthought. Armies of attackers are no doubt working feverishly for the bragging rights that will come with being among the first to hyperjack a high-value server.

So are industry-leading virtualization vendors doing enough to keep us safe? VMware currently dominates the enterprise-server virtualization market, though Microsoft is in hot pursuit. We’ll examine whether VMware’s VMsafe program—which provides APIs with hooks into the ESX hypervisor—will pay off for IT, and maybe even help keep Hyper-V at bay.

For this report, we interviewed security experts from VMware and VMsafe partner vendors and polled 423 business technology professionals to assess concerns over, and security strategies in place for, virtualized environments in real-world organizations. We talked to security professionals who support—and are critical of—the burgeoning virtualization-specific security market, and even had a chat with Simon Crosby, CTO of VMware competitor Citrix, regarding the state of virtualization security. What he had to say about VMware’s security initiatives may just surprise you.

Research Synopsis

Survey Name: InformationWeek Analytics VMware Security Survey
Survey Date: May 2008
Region: North America
Number of Respondents: 423
Purpose: To examine security concerns and practices for virtualized servers among business technology professionals.
Methodology: The InformationWeek Analytics VMware Security Study was fielded on the Web in May 2008. This report examines the responses of 423 business technology professionals. The sample for this project was taken from the subscriber base of InformationWeek.
The results of the survey were aggregated and analyzed by representatives of InformationWeek.

Securing VMware: A Shifting Landscape

Each security vendor we interviewed for this report is focusing on product development for VMware. And all of those vendors also have plans for Hyper-V and/or Xen product development. Making like Switzerland between VMware and Microsoft is a rational move—a reality backed up by our survey of 423 business technology professionals. VMware is still the dominant player in server virtualization, with 56% of installations, most Infrastructure 3/ESX. But our poll reflects the growing influence of Microsoft: 24% of respondents listed either Hyper-V or Virtual Server 2005 as their primary server virtualization platforms. Citrix XenServer took third, with 7%.

This is a far cry from estimates of 70% to 80% VMware ownership of the server virtualization landscape. An outlier? Maybe. While VMware has the longest track record and the broadest slate of product offerings, other vendors are racing to catch up. We expected Hyper-V to make a mark, but we must admit to being surprised by these results.

Figure 1: Primary Server Virtualization Platform
Which virtual machine (VM) hosting/hypervisor system is your organization's primary server virtualization platform?
  • 45% VMware Infrastructure 3/ESX
  • 24% Microsoft (Virtual Server 2005 or Hyper-V)
  • 7% Citrix XenServer
  • 2% Parallels/SWSoft/Virtuozzo
  • 2% Oracle VM
  • 1% Novell SUSE/Xen
  • 1% Solaris Containers / Sun xVM
  • 1% Virtual Iron
  • 11% Other VMware
  • 2% Other
  • 3% None
Data: InformationWeek Analytics VMware Security Survey of 423 business technology professionals

We want to be very clear on this point, because it informs our security recommendations: The virtualization market is still developing, with Hyper-V riding Windows Server 2008 into the data center this year, Citrix leveraging a large Presentation Server installed base, and myriad boutique hypervisor vendors targeting niche market segments. Before buying virtualization-specific security products, especially those that hook into a particular VM infrastructure, make sure you know where you’ll be in a year or two. For now, scrupulously applying the security lessons we all learned the hard way in the physical world should keep your virtual systems safe while you plot a course—assuming you haven’t gone VM wild.

WHAT’S OLD IS NEW

In our poll, when we asked about VM-specific security plans, 39% said they don’t need specialized tools, opining that a VM is just another server.

Well, yes and no.

The problem is, the ease with which we can create and deploy virtual servers has gone to a few IT pros’ heads—provisioning a VM takes literally minutes. People who ought to know better are dispatching VMs into the wild at a pace that outstrips internal security review and audit procedures.

Figure 2: VMware ESX Hosts in Production
How many VMware ESX hosts are in production in your organization?
  • 76% Fewer than 10
  • 17% 11-50
  • 3% 51-100
  • 4% More than 100
Data: InformationWeek Analytics VMware Security Survey of 423 business technology professionals

Blame it on budget pressure, customer demand, weak management toolsets, lack of VM-specific policies, the animal attraction of sexy technology, good-old human foolishness, running out of data center space, or any combination of the above. The fact is, many organizations today are running ESX shops by the seat of their pants. And we don’t expect Hyper-V to help matters. But that’s another report. An ESX host, at its