1
Virtual Machine approach to Security
Gautam Prasad and Sudeep Pradhan
10/05/2010
CS 239 UCLA
2
Virtual Machine and Virtual Infrastructure
- A virtual machine is a tightly isolated software container that can run its own operating system and applications as if it were a physical computer.
- A virtual infrastructure lets you share the physical resources of multiple machines across your entire infrastructure.
- In a virtual infrastructure, many virtual machines interact with each other, are created and destroyed dynamically, and move from one physical host to another seamlessly.
- We call the physical system that provides virtualization the host. The virtual machine and its operating system are called the guest.
3
Properties of Virtual Infrastructure
- Decouples the software environment from its underlying hardware infrastructure, so one can aggregate multiple servers, storage infrastructure and networks into shared pools of resources. (Scaling, Mobility)
- Virtual machines can be deployed on an ad hoc basis and destroyed when their purpose is served. (Transience, Diversity)
- Virtual machines can be provisioned from a template, so 100s of VMs can be spawned in a short time. (Scaling, Diversity, Lifecycle)
- The state of a virtual machine (or a group of virtual machines) can be checkpointed and reverted whenever necessary. (Software Lifecycle, Data Lifetime)
- Resources in a virtual infrastructure can be scheduled dynamically for maintenance of part of the infrastructure. (Mobility)
These properties of a virtual infrastructure make it difficult to apply traditional computer security methods.
4
Risks mentioned in Gartner Report on Virtualization Security
- Information Security Isn't Initially Involved in the Virtualization Projects
- A Compromise of the Virtualization Layer Could Result in the Compromise of All Hosted Workloads
- The Lack of Visibility and Controls on Internal Virtual Networks Created for VM-to-VM Communications Blinds Existing Security Policy Enforcement Mechanisms
- Workloads of Different Trust Levels Are Consolidated Onto a Single Physical Server Without Sufficient Separation
- Adequate Controls on Administrative Access to the Hypervisor/VMM Layer and to Administrative Tools Are Lacking
- There Is a Potential Loss of Separation of Duties for Network and Security Controls
5
New approach to security
- A dedicated infrastructure for enforcing security policies, provided by a ubiquitous virtualization layer
- Ubiquity gives administrators more control over features like mobility and data lifetime
- Moving security and management functions from the guest to the host (virtualization layer) has several benefits:
  – Delegating management
  – Guest OS independence
  – Life cycle independence
  – Securely supporting diversity
6
Sandbox
- A virtual machine can be used to create a sandbox, that is, a restricted environment with limited resources on the host machine.
- Untrusted code can be run in this environment to protect the host machine.
- This is the original security model provided by the Java platform.
7
Data Security
- Virtualization of systems allows them to have a consistent patch level and configuration
- It can isolate different workloads on the host machine
- This is an important aspect of security for virtualisation-enabled cloud computing
8
Intrusion Detection
- Intrusion Detection Systems (IDS) are vulnerable to attack when they reside on the host machine
- A network-based IDS has less information about what is happening on the host
- A virtual machine monitor (VMM) can be used to inform a network-based IDS and to mediate both hardware and software interactions on the host machine
- The operations of the virtual machine on the host can be logged for later analysis without relying on the integrity of the host operating system
9
Problems
- Logging using virtual machine monitors can make sensitive data persist on a virtual machine
- Once a virtual machine is infected, it has full access to the host machine, as opposed to infecting the host machine’s OS
- Establishing the identity of a virtual machine can be difficult because of VMs' mobility between systems and their dynamic creation
- Because it is so easy to create more VMs, it can be difficult to manage them and keep them secure
- Because of their transient nature, a machine can briefly appear, infect others and then disappear
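
Two of the problems above, checkpoint/revert undoing a patch and transient VMs that vanish before they are ever inspected, can be caught by auditing a host-side lifecycle log. The following is an added example, not part of the original slides; the log format, event names and VM ids are constructed and hypothetical.

```python
from datetime import datetime

# Constructed host-side lifecycle log: (timestamp, vm_id, event, detail).
# Event names and fields are hypothetical, not taken from any real hypervisor.
EVENTS = [
    ("2010-10-01T09:00", "vm-web", "create", None),
    ("2010-10-01T09:05", "vm-web", "snapshot", "snap-1"),
    ("2010-10-02T10:00", "vm-web", "patch", None),
    ("2010-10-03T08:00", "vm-web", "revert", "snap-1"),  # undoes the patch
    ("2010-10-03T12:00", "vm-tmp", "create", None),
    ("2010-10-03T12:20", "vm-tmp", "destroy", None),     # gone before any scan
    ("2010-10-03T13:00", "vm-db", "create", None),
    ("2010-10-04T02:00", "vm-db", "scan", None),
    ("2010-10-04T02:00", "vm-web", "scan", None),
]

def audit(events):
    """Return (rolled_back, transient_unscanned) as two sets of VM ids."""
    snap_time, last_patch, scanned = {}, {}, set()
    rolled_back, transient = set(), set()
    # ISO-8601 timestamps of equal precision sort correctly as strings.
    for ts, vm, event, detail in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        if event == "snapshot":
            snap_time[(vm, detail)] = t
        elif event == "patch":
            last_patch[vm] = t
            rolled_back.discard(vm)  # re-patching clears the finding
        elif event == "revert":
            taken = snap_time.get((vm, detail))
            # A snapshot older than the last patch brings back unpatched
            # software; an unknown snapshot is treated the same way.
            if taken is None or (vm in last_patch and taken < last_patch[vm]):
                rolled_back.add(vm)
        elif event == "scan":
            scanned.add(vm)
        elif event == "destroy" and vm not in scanned:
            transient.add(vm)  # lived and died without being inspected
    return rolled_back, transient

if __name__ == "__main__":
    print(audit(EVENTS))
```

Because the log is kept by the host, the audit does not depend on the integrity or continued existence of the guest.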