CCSK Guide
28 Mar 2012

Virtualization Security

As virtualization technology improves, organizations are becoming more and more interested in server virtualization. While many of the techniques used to secure non-virtualized servers would still apply to virtualized systems, some significant differences exist. This article takes a look at host OS-based and bare metal virtualization and the security challenges involved.

Virtualization & Hypervisors

In basic terms, virtualization is the ability to emulate hardware through software. It is software that simulates a hardware platform. No matter what, some type of operating system (OS) must be booted from the hardware. With virtualization, the OS is first booted, then an emulation software stack is loaded. This stack is referred to as a hypervisor.

The hypervisor refers to the component that emulates specific hardware configurations to guest operating systems. When a guest logs into a virtual machine (VM), simulated hardware is detected through the hypervisor, thus abstracting the guest OS from the actual hardware. This effectively adds a component of versatility. The hypervisor is able to create multiple simulated environments, or multiple VMs. This permits users to run multiple operating systems, even if they have slightly different hardware requirements.

Two Types of Virtualization

Virtualization is available in two ways: host OS-based or bare metal. When virtualization is run in the former manner, it is run like any other application. This allows the administrator to leverage any tools capable of running on the host OS while managing the environment. However, the host OS increases the amount of code that is executed on the system, and in doing so, increases the attack surface.

By contrast, a bare metal system still relies on an operating system, but the OS has been stripped down to the bare minimum necessary to support the virtualized environment. This reduces the number of available tools, but decreases the amount of code that can potentially be exploited. It can also be argued that bare metal systems can be more difficult to patch and upgrade.

Security Challenges: Policy & Process

Patrick Lin, senior director of project management at VMware, says, “Virtualization is both an opportunity and a threat.” Despite the attractive advantages, there are a number of challenges that plague virtualized environments.

One common concern is the uncontrolled or unmanaged proliferation of virtual servers, which might result in rogue VMs that are unprotected. Since VMs are created with relative ease, this may increase the complexity of patch and change management.
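One way to surface rogue or unpatched VMs is to reconcile what the hypervisor reports against the register kept by change management. The sketch below is an added example, not part of the original article; the inventory records, register entries, field names and the 30-day patch threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data: VMs the hypervisor reports as present.
HYPERVISOR_INVENTORY = [
    {"uuid": "vm-0001", "name": "web01", "last_patched": date(2012, 3, 20)},
    {"uuid": "vm-0002", "name": "db01", "last_patched": date(2011, 11, 2)},
    {"uuid": "vm-0099", "name": "test-copy", "last_patched": None},
]

# Constructed sample data: VMs approved through change management, with owner.
APPROVED_REGISTER = {
    "vm-0001": "web team",
    "vm-0002": "dba team",
    "vm-0003": "mail team",
}


def audit_vms(inventory, register, today, max_patch_age_days=30):
    """Classify VMs as rogue (unregistered), stale (patch too old) or missing."""
    findings = {"rogue": [], "stale_patch": [], "missing": []}
    seen = set()
    for vm in inventory:
        seen.add(vm["uuid"])
        if vm["uuid"] not in register:
            # Nobody approved or owns this VM, so nobody is patching it either.
            findings["rogue"].append(vm["name"])
            continue
        patched = vm["last_patched"]
        if patched is None or (today - patched).days > max_patch_age_days:
            findings["stale_patch"].append(vm["name"])
    # Registered but not reported: decommissioned, moved, or hidden from inventory.
    findings["missing"] = sorted(set(register) - seen)
    return findings


if __name__ == "__main__":
    print(audit_vms(HYPERVISOR_INVENTORY, APPROVED_REGISTER, date(2012, 3, 28)))
```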

The potential for free and open communication between VMs poses another significant risk. This highlights the necessity of controlling how information is shared between processing environments. Without such controls, the isolation that keeps one physical server from acting as a platform for malware (or other attacks) will erode.

Another security challenge is providing adequate safeguards for encryption keys. This is particularly difficult when sharing vMemory between VMs in an uncontrolled manner. The keys that reside in memory might be compromised if another VM accesses the correct (or incorrect) memory page. While the normal operation of VMs on the same server might prevent this from happening, a compromised hypervisor or VM might break weak controls which are meant to prevent such errors.

Security Challenges: Technical Considerations

As you can see, the virtualization security issues introduced thus far can be addressed by implementing the correct policies and processes. Another way to limit the potential for attacks is to reduce the amount of code that is executed on the virtualization host. This reduces the chance of an exploit being introduced.

In virtualized environments, the hypervisor always creates a software connection between systems. This means there is no way to totally isolate one operating system from another without migrating one of the operating systems to a different hardware platform. This persistent software connection leads many to feel that virtualization can never be as securely configured as a legacy network.

Legacy server deployments are constrained by hardware availability and cost. This reality forces administrators to combine multiple services on the same system, meaning that if any of the services happen to be compromised, other services would go down as well.

With virtualization, admins can run multiple operating systems on the same hardware platform. This renders it far more cost effective to provide each service with its own dedicated operating system. Although each operating system is connected through a software bridge in the hypervisor, the fact that each service runs within its own VM container reduces the chance of compromise. In this way, a virtualization deployment would be more secure than its legacy counterpart.

Potential data misplacement represents another virtualization security issue. Within an IaaS environment, each VM is usually stored as a single file. When storage requirements change, those files may be resized appropriately. Reducing the size of one partition to increase the size of another creates the potential for the sectors containing the deleted file information to move from one VM to another. This might inadvertently allow the owner of the second VM to recover file information that was stored as part of the first VM. Of course, with physical storage, this issue would not surface.
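The resize scenario above can be modelled with a toy block pool shared by two VM disk files. This is an added example, not part of the original article; the class names, block size and sample data are constructed, and zeroing blocks on release is shown as one common control rather than a description of any particular product.

```python
BLOCK_SIZE = 16  # bytes per block; tiny so the constructed sample stays readable


class BlockPool:
    """Physical blocks shared by every VM disk on one datastore."""

    def __init__(self, n_blocks, scrub_on_release):
        self.blocks = [bytes(BLOCK_SIZE) for _ in range(n_blocks)]
        self.free = list(range(n_blocks))
        self.scrub_on_release = scrub_on_release

    def allocate(self):
        return self.free.pop()  # the most recently released block is reused first

    def release(self, idx):
        if self.scrub_on_release:
            self.blocks[idx] = bytes(BLOCK_SIZE)  # zero before it re-enters the pool
        self.free.append(idx)


class VirtualDisk:
    """One VM's disk: an ordered list of block indexes in the pool."""

    def __init__(self, pool, n_blocks):
        self.pool = pool
        self.map = [pool.allocate() for _ in range(n_blocks)]

    def write(self, lba, data):
        self.pool.blocks[self.map[lba]] = data.ljust(BLOCK_SIZE, b"\0")[:BLOCK_SIZE]

    def read(self, lba):
        return self.pool.blocks[self.map[lba]]

    def resize(self, n_blocks):
        while len(self.map) > n_blocks:   # shrink: hand blocks back to the pool
            self.pool.release(self.map.pop())
        while len(self.map) < n_blocks:   # grow: take blocks from the pool
            self.map.append(self.pool.allocate())


def residue_after_resize(scrub_on_release):
    """Shrink VM A's disk, grow VM B's, and return what B reads from its new block."""
    pool = BlockPool(n_blocks=8, scrub_on_release=scrub_on_release)
    disk_a, disk_b = VirtualDisk(pool, 3), VirtualDisk(pool, 2)
    disk_a.write(2, b"A:db_password=x")  # constructed contents of a "deleted" file
    disk_a.resize(2)                      # tenant A gives the block back
    disk_b.resize(3)                      # tenant B receives the same block
    return disk_b.read(2)
```

With `scrub_on_release=False` tenant B reads tenant A's leftover bytes from a block it never wrote; with `True` it reads only zeros.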

Summary

This article takes a look at virtualization in two forms: host OS-based and bare metal virtualization. It also introduces some security concerns, including uncontrolled proliferation; free and open communication; and encryption key safeguards. Technical security challenges unique to a virtualized environment are also discussed.

CCSK Exam Preparation

In preparation for the Certificate of Cloud Security Knowledge (CCSK), a security professional should be comfortable with topics related to this post, including:

  • Virtual machine security features (Domain 13)
  • VM attack surfaces (Domain 13)
  • Compartmentalization of VMs (Domain 13)