Virtualization and Cloud Security

Module-1

Suvendu Chandan Nayak

BTech, MTech, PhD (Submitted)
Mentor-IT
CTIS, Bhubaneswar
1/10/2020 S C Nayak, CTIS 1
Primary Risk in Virtualization
• Monitoring of attacks and unusual events are
more complex due to additional layer that is
hypervisor. (H/W-Hypervisor-OS)
• No guarantee due to dynamic nature of Virtual
environment.
(Virtual Sprawl-: Due to dynamically change of
virtual environment, there is chance of lose of track
of online and offline applications, this phenomenon
is called as virtual sprawl)
• Moving of workload from one VM to another as
per the requirements. (i.e workload from high level
security VM to low level security VM).
1/10/2020 S C Nayak, CTIS 2
 Issues
Following security threats resulting from
virtualization properties:
•Untrusted Components and Hypervisor trusts
model: OS trust H/w, OS trusts virtual H/W and
Hypervisor, so authenticity of hypervisor is required.
• Transparent virtualization: Denotes a hypervisor
is undetectable and is automatically trusted.(i.e
Hypervisor can alter any data inside VM, creates
problems.)
• Hypervisor Insertion: Different methods are used
to insert hypervisor in OS and to move the OS from
PM to VM.
1/10/2020 S C Nayak, CTIS 3
 Issues
•Introspection & intervention by hypervisor:
(Introspection: A technique for monitoring the
runtime state of a system-level virtual machine
(VM), protecting a security application from
attack by malicious software)
VM scaling & cloning: Clone VM is identical to
the original so may cause name and address
collisions on network.
• Monotonicity issues due to nonlinear VM
operation: Create issues for data in
configuration, logging & monitoring
1/10/2020 S C Nayak, CTIS 4
 Issues
•S/w decoupling from physical & h/w
environment: Unable to locate the physical
location of VM that creates problem for
management and administration.
• Weak Implementation: (Two Issues)
Transparency breaches (Failure in s/w, All files
should be properly installed)
Resource Control breaches: Major issue in
information security (There two types of
information leakage, into VM and out of VM)
1/10/2020 S C Nayak, CTIS 5
 Thank You

1/10/2020 S C Nayak, CTIS 6

 Virtual Threats
•DOS is a normal attack.
Except DoS different vulnerabilities are in VE
 Shared clipboard: Shared clipboard is used to data
transfer among VMs and Host machine.
 Keystroke Logging:
 VM monitoring from the Host:
 VM monitoring from another VM:Virtual hub or
switch is used so ARP technique is used by hacking.
 VM Backdoors: The backdoor is a channel of
communication between the client and the
hypervisor. It allows guests to enjoy the hyper-calls on
the hypervisor.
1/10/2020 S C Nayak, CTIS 7
Five Laws of Virtualization Security
•Burton Group proposed 5 laws to take security
decision
 All existing OS level attacks work in the exact
same way.
 The hypervisor attack surface is additive to a
system’s risk profile.
 VM monitoring from the Host:
 Separating functionality and / or content into
VM will reduce risk.
 Aggregating functions and resources into a
physical platform will increase risk.
1/10/2020 S C Nayak, CTIS 8
Five Laws of Virtualization Security
•Burton Group proposed 5 laws to take
security decision
 Trusted VM over untrusted host has
higher risk.

1/10/2020 S C Nayak, CTIS 9

 Virtual Machine Threat Levels
Classified into 3 levels
• Abnormally Terminated
• Partially Compromised: Corrupting
checkpoints or over allocating resources
• Totally Compromised: VM is completely
overtaken and directed to execute
unauthorized commands on its host.

1/10/2020 S C Nayak, CTIS 10

 Hypervisor Security
• The programs run on desktop and server are
secured.
• But the program controls the hypervisor need
to be secured
• It is important to secure virtualization
management system to be secured, coz it
provides authentication to the user to access
functionalities.
• Currently pass word protection is only one
way for hypervisor, other mechanism is
required.
1/10/2020 S C Nayak, CTIS 11
 Hypervisor Security
• Various ways are used to manage hypervisor.
• Manage through multiple methods: local and
remotely access of hypervisor interface.
• Enable and disable of capabilities of remote
administration.
• If enabled must be the interface should be
restricted through firewall.
• Hypervisor management communication
should be protected.
• A dedicated management communication
network must be there.
1/10/2020 S C Nayak, CTIS 12
 Hypervisor Security
• Communication in untrusted line should be
encrypted.
• Limited access to the hypervisor is necessary.
• Major vulnerabilities in the hypervisor are
 Rogue hypervisor rootkits
 External modification to hypervisor
 VM escape

1/10/2020 S C Nayak, CTIS 13

 Rogue hypervisor rootkits
• Guest OS runs like traditional OS and
manages all in the VM and host machine.
• Rootkit has nice grip in hypervisor in hacker
community.
• It can hide VM from malware detection
system by initiating rouge hypervisor.
• Create a cover channel to get rid of
unauthorized code into the system.
• Hypervisor Rootkit can insert into RAM,
downgrade the host OS and make itself
invisible.
1/10/2020 S C Nayak, CTIS 14
 Rogue hypervisor rootkits
• It is undetectable.
• Creates serious vulnerability: It restricts
malware detection, discover and remove
mechanism.
• For intrusion detection and correction
malware code detection is important.
• Some malware remains inactive and hidden
till it can penetrate the physical host, then
executes its payload.
1/10/2020 S C Nayak, CTIS 15
 External Modification of the
Hypervisor
• In addition to the rootkit, a poorly protected
hypervisor can create an attack vector.
• A self protected VM allows direct
modification of its hypervisor by external
source.
• This is not acceptable for the hypervisor in
the regular process.

1/10/2020 S C Nayak, CTIS 16

 VM Escape
• An improperly configured VM can allow
code to completely bypass the virtual
environment and get full kernel access of
physical host.
• It is a failure of security mechanism of the
system called VM escape.
• It helps attacker to execute arbitrary on
VMs by escaping hypervisor.

1/10/2020 S C Nayak, CTIS 17

 Different types of Security
recommendations for Hypervisor
• All updates should be installed to the
hypervisor (install updates, patch
management solutions, etc).
• Hypervisor should check updates
automatically and install them if found.
• Limit administration access to the
management interface of hypervisor
(dedicated management channel and must
be protected, encrypted and authenticated).
• Virtualized infrastructure should be
synchronized.
1/10/2020 S C Nayak, CTIS 18
 Different types of Security
recommendations for Hypervisor
• Unused physical hardware should be
disconnected from host.
• Enable hypervisor services if their are
needed.
• Security of guest OS should be monitored, if
it is compromised, hypervisor security
service should be allowed to monitor.
• Monitor of activities among the guest OS.
• Monitor the hypervisor for finding out the
clues
1/10/2020
of compromise.
S C Nayak, CTIS 19
 Host/Platform Security
• Different configuration options are used for
host platform that connects the VMM and
virtual guests to physical network
depending upon system architecture.
• In the network firewalls are used, but not
sufficient to protects all paths to host
machine.
• So host/platform security can be obtained
by placing protection or adjusting or
maintaining different resources.
1/10/2020 S C Nayak, CTIS 20
 Host/Platform Security
There are two major security approach:
 Bastion Host
 OS hardening
• Bastion Host: It is special purpose
computer which is deployed on a public
network designed to screen the network
security.
• OS Hardening: Harden to compromise, OS
should be properly configured, update,
remove of unwanted applications and
services.
1/10/2020 S C Nayak, CTIS 21
 Host/Platform Security
• To increase security in host OS, the
applications running on host OS should be
minimized than hypervisor.
• As guest OS runs under host OS, the
security of host OS depends upon the guest
OS. So a tight access control is required to
protect host OS.

1/10/2020 S C Nayak, CTIS 22

 Securing Communications
• It is important to secure the communication
from data leakage and attacks.
• Mainly host system uses two security
protocols: IPSec (IP security) and SSL
(secure socket layer)
• Rather than this virtualization provides
some model such as accessing host
hardware.

1/10/2020 S C Nayak, CTIS 23

 Securing Communications

1/10/2020 S C Nayak, CTIS 24

 Recommendations for Secure
Communications
• Guest OS should not have network
management access, it may have network
access.
• Guest OS should be protected by firewall.
• Security activities in guest OS must be
monitored.
• If two guest OS are not communicating
each other, then each should run on a
separate local area network.
1/10/2020 S C Nayak, CTIS 25
 Guest Instances Security
Different security recommendations are:
• Properly install all updates of guest OS.
• Log management, time synchronization,
remote access and authentication features
must be enable in guest OS.
• Maintaining of back drive for guest OS should
be in regular.
• Disconnection of unused virtual hardware.
• Separate authentication solution for each
guest OS.
• Make sure the guest OS must be associated
with correct physical devices on host system.
1/10/2020 S C Nayak, CTIS 26
Security Between Host & Guest
• One of the major challenges in
communication between hosts and guests is
VM escape.
• In VM escape the malicious code could
break out of the guest VM and execute on
the host.
• It helps attackers to access the host OS all
other VMs.
• The best protecting mode is to disable
services that are no longer required.
1/10/2020 S C Nayak, CTIS 27
Security Between Host & Guest
• A separate network is necessary for host OS
to access guest VM.
• So each guest VM should have two network
adapter.
• One adapter known as NAT (network
address translation) is for guest VM to
access outbound network.
• Another is known as host only adapter
used for the host OS to access each guest
VM.
1/10/2020 S C Nayak, CTIS 28
 Thank You

1/10/2020 S C Nayak, CTIS 29