Home   >   CSC-OpenAccess Library   >    Manuscript Information
Virtualization and Security Aspects: An Overview
Rui Filipe Pereira, Rui Miguel Silva, João Pedro Orvalho
Pages - 154 - 173     |    Revised - 31-10-2020     |    Published - 01-12-2020
Volume - 14   Issue - 5    |    Publication Date - December 2020  Table of Contents
MORE INFORMATION
KEYWORDS
Virtualization, Cybersecurity, Hypervisor, Virtual Machine, Virtual Machine Monitor.
ABSTRACT
Virtualization allows a single system to concurrently run multiple isolated virtual machines, operating systems (OSes) or multiple instances of a single OS. It helps organizations to improve operational efficiency, reduce costs, improve the use of hardware, and to allocate resources on-demand. Nevertheless, like most technologies, it has vulnerabilities and threats. Research about security issues related to virtualization has been conducted for several years. However, there are still open challenges related to security in virtualization. This paper looks into some of the differences, issues, challenges, and risks caused by virtualization and aims to classify the various virtualization approaches, along with their goals, advantages and drawbacks from a security perspective. Such classification is expected to help in the identification of virtualization technologies that might be applied in a virtualized infrastructure.

This work is intended to be an introduction to the security considerations, concerns, and implications arising from use of virtualized systems.
A. Azab, P. Ning, Z. Wang, X. Jiang, X. Zhang, and N. Skalsky, “HyperSentry: Enabling Stealthy In-context Measurement of Hypervisor Integrity,” 2010, pp. 38–49.
A. Baruchi and R. L. Piantola, “Análise Quantitativa de Técnicas de Virtualização Como Ambiente de Testes.”
A. Pingios, “CVE-2009-3692: VirtualBox VBoxNetAdpCtl Privilege Escalation,” 2009. [Online]. Available: https://xorl.wordpress.com/2009/10/13/cve-2009-3692-virtualbox- vboxnetadpctl-privilege-escalation/.
A. Whitaker, M. Shaw, and S. D. Gribble, “Scale and Performance in the Denali Isolation Kernel,” SIGOPS Oper. Syst. Rev., vol. 36, no. SI, pp. 195–209, Dec. 2003.
B. S. Brawn, F. G. Gustavson, and E. S. Mankin, “Sorting in a paging environment,” Commun. ACM, vol. 13, pp. 483–494, 1970.
C. Li, A. Raghunathan, and N. K. Jha, “Secure Virtual Machine Execution under an Untrusted Management OS,” in Proceedings - 2010 IEEE 3rd International Conference on Cloud Computing, CLOUD 2010, 2010, pp. 172–179.
C. Strachey, “Time sharing in large, fast computers.,” in IFIP Congress, 1959, pp. 336–341.
CVE Details, “Vmware Esxi : CVE security vulnerabilities, versions and detailed reports.” [Online]. Available: https://www.cvedetails.com/product/22134/Vmware- Esxi.html?vendor_id=252.
D. D. Zovi, “Hardware virtualization based rootkits.” Black Hat USA, 2006.
D. Morris, F. H. Sumner, and M. T. Wyld, “An Appraisal of the Atlas Supervisor,” in Proceedings of the 1967 22nd National Conference, 1967, pp. 67–75.
D. Rosado, R. Gómez, D. Mellado, and E. Fernández-Medina, “Security Analysis in the Migration to Cloud Environments,” Futur. Internet, vol. 4, pp. 469–487, 2012.
D. Tank, A. Aggarwal, and N. Chaubey, “Virtualization vulnerabilities, security issues, and solutions: a critical study and comparison,” Int. J. Inf. Technol., 2019.
F. Bazargan, C. Yeun, and J. Zemerly, “State-of-the-Art of Virtualization, its Security Threats and Deployment Models,” Int. J. Inf. Secur. Res., vol. 3, 2013.
F. Tsifountidis, “Virtualization Security: Virtual Machine Monitoring and Introspection,” 2011.
G. J. Popek and R. P. Goldberg, “Formal Requirements for Virtualizable Third Generation Architectures,” Commun. ACM, vol. 17, no. 7, pp. 412–421, Jul. 1974.
G. Pék, L. Buttyán, and B. Bencsáth, “A Survey of Security Issues in Hardware Virtualization,” ACM Comput. Surv., vol. 45, no. 3, Jul. 2013.
J. C. C. dos Santos Ramos, “Security challenges with virtualization,” Universidade de Lisboa, 2009.
J. Franklin, M. Luk, J. M. McCune, A. Seshadri, A. Perrig, and L. van Doorn, “Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking,” SIGOPS Oper. Syst. Rev., vol. 42, no. 3, pp. 83–92, Apr. 2008.
J. Hoopes, Ed., “Chapter 1 - An Introduction to Virtualization,” in Virtualization for Security, Boston: Syngress, 2009, pp. 1–43.
J. Howlett, “The Atlas Computer Laboratory,” IEEE Ann. Hist. Comput., vol. 21, no. 1, pp. 17–23, Jan. 1999.
J. McCarthy, “Reminiscences on the History of Time-Sharing,” IEEE Ann. Hist. Comput., vol. 14, no. 1, pp. 19–24, Jan. 1992.
J. S. Reuben, “A Survey on Virtual Machine Security,” 2007.
K. Adams and O. Agesen, “A Comparison of Software and Hardware Techniques for X86 Virtualization,” SIGOPS Oper. Syst. Rev., vol. 40, no. 5, pp. 2–13, Oct. 2006.
K. Kortchinsky, “Cloudburst: Hacking 3D (and Breaking Out of VMware) for Black Hat USA 2009,” 2009.
L. Wood, “Research and Markets: Global Endpoint Server Security Market 2011-2015 | Business Wire,” 13-Aug-2012. [Online]. Available:https://www.businesswire.com/news/home/20120813005608/en/Research-Markets-Global- Endpoint-Server-Security-Market.
M. Cobb, “A preview of PCI virtualization specifications,” 2011.
M. Comeau, “Protect your infrastructure with virtualization security management,” 2017. https://searchservervirtualization.techtarget.com/tip/Protect-your-infrastructure-with- virtualization-security-management.
M. D. Schroeder and J. H. Saltzer, “A Hardware Architecture for Implementing Protection Rings,” Commun. ACM, vol. 15, no. 3, pp. 157–170, Mar. 1972.
M. P. Souppaya, K. Scarfone, and P. Hoffman, “Guide to Security for Full Virtualization Technologies,” 2011.
M. Pearce, S. Zeadally, and R. Hunt, “Virtualization: Issues, security threats, and solutions,” ACM Comput. Surv., vol. 45, pp. 17:1-17:39, 2013.
N. Aaraj, A. Raghunathan, and N. K. Jha, “Virtualization-assisted Framework for Prevention of Software Vulnerability Based Security Attacks,” 2007.
N. Kiyanclar, “A Survey of Virtualization Techniques Focusing on Secure On-Demand Cluster Computing,” 2005.
N. M. Upadhyay and R. S. Singh, “An effective scheme for memory congestion reduction in multi-core environment,” J. King Saud Univ. - Comput. Inf. Sci., 2020, [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1319157820303888.
P. Barham et al., “Xen and the Art of Virtualization,” SIGOPS Oper. Syst. Rev., vol. 37, no. 5, pp. 164–177, Oct. 2003.
P. Ferrie, “Attacks on Virtual Machine Emulators,” 2007.
P. J. Denning, “Performance Evaluation: Experimental Computer Science at its Best,” 1981.
R. Morabito, J. Kjällman, and M. Komu, “Hypervisors vs. Lightweight Virtualization: A Performance Comparison,” 2015.
R. P. Goldberg, “Survey of virtual machine research,” Computer (Long. Beach. Calif)., vol. 7, no. 6, pp. 34–45, Jun. 1974.
S. E. Madnick and J. J. Donovan, “Application and Analysis of the Virtual Machine Approach to Information System Security and Isolation,” in Proceedings of the Workshop on Virtual Computer Systems, 1973, pp. 210–224.
S. Jagathpal, “Information Security Blog,” 18-Feb-2010. [Online]. Available: http://shobhajagathpal.blogspot.com/2010_02_01_archive.html.
S. Orrin and O’Berry David, “Building Security Beneath the OS - The Security Content Automation,” 2011.
S. Ray, “Towards a Formalization of the X86 Instruction Set Architecture,” 2008.
T. Garfinkel, K. Adams, A. Warfield, and J. Franklin, “Compatibility Is Not Transparency: VMM Detection Myths and Realities.,” 2007.
T. Liston and E. Skoudis, “On the Cutting Edge: Thwarting Virtual Machine Detection.”
T. Ormandy, “An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments,” in CanSecWest 2007, 2007, pp. 1–10.
TechNavio, “Global Endpoint Server Security Market 2011-2015.”
V. Bourne, “Unleashing the Power of Virtualization,” 2010.
VMware, “Achieving Compliance in a Virtualized Environment,” 2008.
VMware, “VMware Understanding Full Virtualization, Paravirtualization, and Hardware Assist,” 2008.
Mr. Rui Filipe Pereira
Lab UbiNET – Computer Science Security and Cybercrime, Polytechnic Institute Of Beja, Beja - Portugal
rui.pereira@protonmail.ch
Mr. Rui Miguel Silva
Lab UbiNET – Computer Science Security and Cybercrime, Polytechnic Institute Of Beja, Beja - Portugal
Mr. João Pedro Orvalho
Lab UbiNET – Computer Science Security and Cybercrime, Polytechnic Institute Of Beja, Beja - Portugal