This is an Open Access publication published under CSC-OpenAccess Policy.
Virtualization and Security Aspects: An Overview
Rui Filipe Pereira, Rui Miguel Silva, João Pedro Orvalho
Pages - 154 - 173     |    Revised - 31-10-2020     |    Published - 01-12-2020
Volume - 14   Issue - 5    |    Publication Date - December 2020
KEYWORDS
Virtualization, Cybersecurity, Hypervisor, Virtual Machine, Virtual Machine Monitor.
ABSTRACT
Virtualization allows a single system to concurrently run multiple isolated virtual machines, operating systems (OSes) or multiple instances of a single OS. It helps organizations to improve operational efficiency, reduce costs, improve the use of hardware, and to allocate resources on-demand. Nevertheless, like most technologies, it has vulnerabilities and threats. Research about security issues related to virtualization has been conducted for several years. However, there are still open challenges related to security in virtualization. This paper looks into some of the differences, issues, challenges, and risks caused by virtualization and aims to classify the various virtualization approaches, along with their goals, advantages and drawbacks from a security perspective. Such classification is expected to help in the identification of virtualization technologies that might be applied in a virtualized infrastructure.

This work is intended to be an introduction to the security considerations, concerns, and implications arising from the use of virtualized systems.
Mr. Rui Filipe Pereira
Lab UbiNET – Computer Science Security and Cybercrime, Polytechnic Institute Of Beja, Beja - Portugal
rui.pereira@protonmail.ch
Mr. Rui Miguel Silva
Lab UbiNET – Computer Science Security and Cybercrime, Polytechnic Institute Of Beja, Beja - Portugal
Mr. João Pedro Orvalho
Lab UbiNET – Computer Science Security and Cybercrime, Polytechnic Institute Of Beja, Beja - Portugal