Virtual Machine approach to Security Gautam Prasad and Sudeep Pradhan 10/05/2010 CS 239 UCLA.

Presentation transcript:

Virtual Machine and Virtual Infrastructure
A virtual machine is a tightly isolated software container that can run its own operating system and applications as if it were a physical computer.
A virtual infrastructure lets you share the physical resources of multiple machines across your entire infrastructure.
In a virtual infrastructure, many virtual machines interact with each other, are created and destroyed dynamically, and move from one physical host to another seamlessly.
We call the physical system that provides virtualization the host. A virtual machine and its operating system are called the guest.

Properties of Virtual Infrastructure
Decouples the software environment from its underlying hardware infrastructure, so one can aggregate multiple servers, storage infrastructure and networks into shared pools of resources. (Scaling, Mobility)
Virtual machines can be deployed on an ad hoc basis and destroyed when their purpose is served. (Transience, Diversity)
Virtual machines can be provisioned from a template, so 100s of VMs can be spawned in a short time. (Scaling, Diversity, Lifecycle)
The state of a virtual machine (or a group of virtual machines) can be check-pointed and reverted whenever necessary. (Software Lifecycle, Data Lifetime)
Resources in a virtual infrastructure can be scheduled dynamically for maintenance of part of the infrastructure. (Mobility)
These properties of a virtual infrastructure make it difficult to apply traditional computer security methods.

Risks mentioned in Gartner Report on Virtualization Security
Information security isn't initially involved in the virtualization projects.
A compromise of the virtualization layer could result in the compromise of all hosted workloads.
The lack of visibility and controls on internal virtual networks created for VM-to-VM communications blinds existing security policy enforcement mechanisms.
Workloads of different trust levels are consolidated onto a single physical server without sufficient separation.
Adequate controls on administrative access to the hypervisor/VMM layer and to administrative tools are lacking.
There is a potential loss of separation of duties for network and security controls.

New approach to security
Dedicated infrastructure for enforcing security policies, provided by a ubiquitous virtualization layer.
Ubiquity gives administrators more control over features like mobility and data lifetime.
Moving security and management functions from the guest to the host (virtualization layer) has several benefits:
– Delegating management
– Guest OS independence
– Life cycle independence
– Securely supporting diversity

Sandbox
A virtual machine can be used to create a sandbox: a restricted environment with limited resources on the host machine.
Untrusted code can be run in this environment to protect the host machine.
This is the original security model provided by the Java platform.

Data Security
Virtualization of systems allows them to have a consistent patch level and configuration.
It can isolate different workloads on the host machine.
This is an important aspect of security for virtualisation-enabled cloud computing.

Intrusion Detection
Intrusion Detection Systems (IDS) are vulnerable to attack when they reside on the host machine.
A network-based IDS has less information about what is happening on the host.
A virtual machine monitor (VMM) mediates both hardware and software interactions on the host machine and can therefore be used to inform a network-based IDS.
The operations of the virtual machine on the host can be logged for later analysis without relying on the integrity of the host operating system.
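To make the out-of-guest logging point concrete, here is an added Python simulation (not from the slides; the Guest and VMM classes, the mediate() interface and the event strings are constructed assumptions): the monitor records every guest operation on its own side, so an intruder who cleans the guest's log cannot remove the record a host-side IDS compares against.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

@dataclass
class Guest:
    """Simulated guest OS; its own log lives inside the guest and can be
    altered by anything that gets root there."""
    name: str
    syslog: List[str] = field(default_factory=list)

class VMM:
    """Simulated virtual machine monitor (assumed interface). Every guest
    operation passes through mediate(), so the VMM can record it in a trace
    the guest has no access to."""
    def __init__(self) -> None:
        self.trace: List[Tuple[str, str]] = []   # (guest name, event)

    def mediate(self, guest: Guest, event: str) -> None:
        guest.syslog.append(event)               # the guest's own record
        self.trace.append((guest.name, event))   # the out-of-guest record

def find_missing_events(guest: Guest, vmm: VMM) -> List[str]:
    """Events the VMM saw for this guest that are absent from the guest's log.
    Any non-empty result means the guest log was truncated or edited."""
    remaining = list(guest.syslog)
    missing = []
    for name, event in vmm.trace:
        if name != guest.name:
            continue
        if event in remaining:
            remaining.remove(event)     # matched one-for-one, order-insensitive
        else:
            missing.append(event)
    return missing

def demo() -> List[str]:
    """Constructed scenario: four operations, then an in-guest cleanup that
    deletes the two incriminating lines from the guest's own log."""
    guest = Guest("web-01")
    vmm = VMM()
    for event in ["exec /usr/sbin/sshd", "open /var/log/auth.log",
                  "exec /tmp/.x/dropper", "write /etc/passwd"]:
        vmm.mediate(guest, event)
    guest.syslog = [e for e in guest.syslog
                    if "/tmp/.x" not in e and "/etc/passwd" not in e]
    return find_missing_events(guest, vmm)

if __name__ == "__main__":
    print(demo())   # ['exec /tmp/.x/dropper', 'write /etc/passwd']
```

The VMM trace is itself a copy of guest activity, so it needs the same retention and access controls as any other sensitive log.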

Problems
Logging using virtual machine monitors can make sensitive data persist on a virtual machine.
Once a virtual machine is infected, it has full access to the host machine, as opposed to infecting only the host machine's OS.
Establishing the identity of a virtual machine can be difficult because of VMs' mobility between systems and the dynamic creation of machines.
Because of the ease of creating more VMs, it can be difficult to manage them and keep them secure.
Their transient nature means a machine can briefly appear, infect others and then disappear.
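The template-provisioning and check-point/revert properties from the earlier slide and the identity and management problems on this one can be checked mechanically. The following Python inventory check is an added example (not from the slides; the VM data model, its field names and the fleet are constructed assumptions) that flags clones still carrying their template's identity, two guests presenting the same identity, and VMs whose snapshot revert put them below the patch baseline.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class VM:
    """Inventory record for one guest (assumed data model)."""
    name: str
    template: str                 # template it was provisioned from
    machine_id: str               # identity the guest presents to the network
    patch_level: int              # current patch baseline number, higher is newer
    snapshot_patch_level: Optional[int] = None   # level frozen in its checkpoint
    reverted: bool = False        # True if the checkpoint was restored

def check_fleet(vms: List[VM], baseline: int,
                template_ids: Dict[str, str]) -> Dict[str, list]:
    """Flag identity and lifecycle problems across a fleet."""
    findings: Dict[str, list] = {"template_identity": [],
                                 "duplicate_identity": [],
                                 "stale_after_revert": []}
    by_id: Dict[str, List[str]] = {}
    for vm in vms:
        by_id.setdefault(vm.machine_id, []).append(vm.name)
        # Clone still carries the identity baked into its template image
        if template_ids.get(vm.template) == vm.machine_id:
            findings["template_identity"].append(vm.name)
        # A revert silently undoes patching done after the checkpoint
        effective = vm.patch_level
        if vm.reverted and vm.snapshot_patch_level is not None:
            effective = vm.snapshot_patch_level
        if effective < baseline:
            findings["stale_after_revert"].append(vm.name)
    # Two live guests presenting the same identity cannot be told apart
    for names in by_id.values():
        if len(names) > 1:
            findings["duplicate_identity"].append(sorted(names))
    return findings

def demo_fleet() -> Dict[str, list]:
    """Constructed fleet: two web clones never re-identified, one reverted DB."""
    template_ids = {"base-2010": "id-base-2010"}
    vms = [
        VM("web-01", "base-2010", "id-base-2010", 7),
        VM("web-02", "base-2010", "id-base-2010", 7),
        VM("db-01", "base-2010", "id-db-01", 7, snapshot_patch_level=4, reverted=True),
        VM("app-01", "base-2010", "id-app-01", 7),
    ]
    return check_fleet(vms, baseline=6, template_ids=template_ids)

if __name__ == "__main__":
    print(demo_fleet())
```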