A Study On Virtualization And Virtual Machines

Abstract

  • Cloud computing is an emerging technology important for data storage and on-demand computing.

  • Users can access and retrieve data anytime and from anywhere, leading to increased flexibility.

  • Concerns exist regarding data privacy due to multiple users sharing storage.

  • Virtualization creates a virtual environment to isolate and manage user data, allowing multiple operating systems to run on one machine.

Introduction

  • Cloud computing involves virtualization, on-demand deployment, internal service delivery, and open-source software.

  • Virtualization is crucial for maintaining virtual servers; it hides the properties of the underlying physical resources.

  • Virtual servers offer scalability, and users pay based on usage, making it affordable.

  • The paper covers types of virtualization, potential attacks at the virtualization level, and their implications.

Virtualization Architecture

  • Forms of virtualization differ in the layer at which they are applied, but all use a hypervisor (virtual machine monitor, VMM) to manage interactions.

  • Types of Virtualization:

    • Native Virtualization: Hypervisor is implemented on physical hardware without a host OS, controlling guest OS resources.

    • Hosted Virtualization: Hypervisor operates as an application on a host OS that manages resources.

Benefits of Virtualization

  • Lower costs

  • Improved backup and disaster recovery

  • Faster application deployment

  • Improved cloud migration

  • Centralized management

Different Methods of Virtualization

  • Virtualization exists between physical hardware and the operating system, optimizing resource use.

  • Methods:

    1. Operating System-based Virtualization: Runs software on guest OS while isolating resources.

    2. Hypervisor-based Virtualization: Separates OS from hardware, sharing hardware across VMs to maintain resource partitioning.

    3. Application-based Virtualization: Layered on other technologies, allowing applications to run in isolated configurations without altering the host OS.

Virtualization Concerns

Virtualization and VMs

  • If isolation fails, attackers can communicate with VMs to exploit vulnerabilities.

  • Methods of attack include Trojans and malware, targeting guest OS functionality.

  • Attackers controlling Dom0 (the privileged management domain in Xen) can exhaust system resources.

VM Sprawl

  • Because VMs are easy to create, they become difficult to monitor, which leads to security challenges.

  • Compromised VMs increase vulnerability to attacks, consuming resources and creating entry points for security breaches.

Denial of Service (DoS) Attacks

  • DoS attacks aim to render services unavailable by consuming system resources, affecting VM performance.

  • Hypervisors can prevent resource monopolization and restart VMs upon detection of extreme resource use.
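
The detect-and-restart behaviour in the last point, as an added sketch (not code from the paper and not any hypervisor's API): a VM is acted on only after it stays over a CPU-share limit for several consecutive samples, so a brief spike is ignored. The limit, window size, VM names, sample values and the "throttle"/"restart" labels are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed policy values (not from the paper): a VM is "monopolizing" when it
# holds more than CPU_SHARE_LIMIT of host CPU for WINDOW samples in a row.
CPU_SHARE_LIMIT = 0.70
WINDOW = 3

# Constructed samples: (tick, vm_name, share of host CPU time in that tick).
# db-02 spikes once; batch-07 stays over the limit from tick 2 onward.
SAMPLES = [
    (1, "web-01", 0.10), (1, "batch-07", 0.10), (1, "db-02", 0.75),
    (2, "web-01", 0.10), (2, "batch-07", 0.80), (2, "db-02", 0.05),
    (3, "web-01", 0.12), (3, "batch-07", 0.82), (3, "db-02", 0.04),
    (4, "web-01", 0.08), (4, "batch-07", 0.85), (4, "db-02", 0.05),
    (5, "web-01", 0.10), (5, "batch-07", 0.81), (5, "db-02", 0.05),
    (6, "web-01", 0.10), (6, "batch-07", 0.83), (6, "db-02", 0.05),
    (7, "web-01", 0.10), (7, "batch-07", 0.84), (7, "db-02", 0.05),
]


def evaluate(samples, limit=CPU_SHARE_LIMIT, window=WINDOW):
    """Return [(tick, vm, action)] for VMs over `limit` for `window` samples in a row.

    The first sustained breach yields "throttle", any later one "restart".
    The action names are labels only; no hypervisor is contacted.
    """
    streak = defaultdict(int)   # consecutive over-limit samples per VM
    strikes = defaultdict(int)  # sustained breaches already acted on per VM
    actions = []
    for tick, vm, share in sorted(samples):
        if share <= limit:
            streak[vm] = 0      # a short spike is forgiven once usage drops
            continue
        streak[vm] += 1
        if streak[vm] >= window:
            action = "throttle" if strikes[vm] == 0 else "restart"
            strikes[vm] += 1
            streak[vm] = 0      # start a fresh window after acting
            actions.append((tick, vm, action))
    return actions


if __name__ == "__main__":
    for tick, vm, action in evaluate(SAMPLES):
        print(f"tick {tick}: {action} {vm}")
```
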

VM Escape Attack

  • An exploit allowing malicious code on a VM to access the hypervisor, compromising all VMs.

  • A successful escape risks loss of control over both the VM and the host.

  • Recommendations to reduce vulnerability:

    • Regularly patch VM software.

    • Limit resource-sharing features.

    • Minimize software installations to reduce vulnerabilities.

Conclusion

  • Virtualization itself isn't insecure but introduces new vulnerabilities requiring enhanced security processes.

  • Maintaining VM security, especially with fast instance creation, is challenging.

  • Protection of both host and guest OS is essential to ensure a secure virtual environment.