StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Cloud Computing Virtualisation Security Threats - Literature review Example

Cite this document
Summary
The purpose of this paper is to present an overview of the various virtualization security vulnerabilities plus threats that are particular to hypervisors…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.7% of users find it useful
Cloud Computing Virtualisation Security Threats
Read Text Preview

Extract of sample "Cloud Computing Virtualisation Security Threats"

Cloud Computing Virtualization Security Threats Virtualization is now common all through the world and without it, the cloud environment would perhaps have a totally different form (Abdul, 2012). The software type which functions as the necessary building block when implementing virtualized solutions within data centers is referred to as hypervisor (CMeier,Mnovellino, 2013). Because the hypervisor sits between the guest system and the OS it is important that the component is given maximum security (Tyson T. Brooks, Carlos Caicedo, Joon S. Park, 2012) otherwise if the hypervisor is left vulnerable to exploits, it becomes the main target of the attackers (SZepher, 2011). . Virtualization makes the concept complicated but never makes security better or worse. There exists a set of crucial security concerns to be addresses if considering virtualization in a cloud computing environment. The purpose of this paper is to present an overview of the various virtualization security vulnerabilities plus threats that are particular to hypervisors. Keywords virtualization, vulnerabilities, hypervisors Introduction System virtualization is often implemented through the use of hyper visor technology. A hyper visor is a firmware or software component that is able to visualize the resources of a system (Tholeti, 2011). Virtualization is a key element of Infrastructure as a Service cloud offering (Alliance, 2011) and has a widespread use in sections of the Software as a Service and Infrastructure as a Service too (technology, 2010). It has benefits like data centre consolidation, multi-tenancy plus better server utilization and cloud providers are able to attain a higher density which changes into better margins. Business enterprises could use virtualization in shrinking capital expenses on the server hardware and improve operational efficiency (Navaro, 2013). However, embracing virtualization comes with a set of security issues of the used operating system running in guest mode and newer security concerns pertaining to the hypervisor layer together with new virtualization based threats inter- Virtual Machine attacks It is necessary to understand that virtualization is different from the conventional physical environment (Granneman). The virtualization host is quite critical since it hosts several virtual machines. The hypervisor functions as the central management point for every VM image and a control centre for a number of the critical services, resulting into vulnerability leverage points (Alliance S. , 2010). Having the hypervisor compromised for introduction of a rogue VM or downloading an image is analogous to bypassing the physical security then break into a server room to introduce an external server or to steal the existing one. It is possible to bypass virtualization management applications and the virtualization control or hosting operating system could be directly accessed by the privileged users. Also, normal operating system security never protects the mission critical resources and data at a degree required to meet security best practices and regulatory compliance. Some of the virtualization security vulnerabilities are: Interactive Virtualization related risks In a situation where a virtualized server and a virtualized network exist, the total risk is always greater than the sum of the individual risks (Edward Ray, Eugine Schultz). Also falling under this are the risks featuring in the host environment, the initially installed operating system which functions as a host to all thins on some hardware platform. Vulnerability in any application or virtualized OS could be a weak link causing several compromises in the virtualized components. Operational Complexity from Virtual Machine Sprawl Typical enterprises increasingly request for VM because of the ease with which the VM is provisioned. However, this has the effect of increasing the odds of an operator error or configuration based errors together with creating a larger attack surface. Blind Spots and Inter-VM Attacks Virtualization largely impacts network security. Virtual machines could be communicating with one another via a hardware backplane instead of a network system. Hence, the standard network specific security controls become blind to such traffic and so cannot carry out in-line blocking or monitoring. Another point of vulnerability is migration of the virtual machines is. Migration of a malicious Virtual Machine into a trusted zone is an example of an attack scene, and using the conventional network oriented security controls, that misbehavior will never be detected. Unstructured Physical Boundaries Servers are conventionally stacked away within the server rooms where tighter physical controls are put in place to regulate any access to the boxes (Vax, 2010). On the other hand, the virtual environment proves to be quite different because servers are just files which could be copied from the host. An attempt to copy a server image is analogous moving into a server room and stealing the server. Furthermore, it is possible accessing the machine memory from the hypervisor and this can compromise information like encryption keys and passwords while under transit. Therefore, any access to a virtualization host is critical. Communication inside the Virtualization Level Virtual machines are involved in communication and data sharing. However, there is the danger that a means of communication which does not meet important security parameters can potentially be a point of vulnerability targeted by the attackers (Texiwill, 2009). Possibility of Escaping the VM This type of vulnerability refers to the capability of gaining access to the hypervisor while inside the Virtual Machine level. Creation of more APIs for use in the visualization platforms increases concern about the same increases. While the number of API’s created increases, the number of controls for disabling the functionality inside the Virtual Machine also increases and this has an effect on availability and performance. Instant-On Gaps This is based on the ease with which virtual machines could be started or stopped coupled with fast changing threats. It creates a situation whereby a VM is securely configured while turned off then new threats evolve at start up time making the machine more vulnerable to attacks. Single Point Failure In a hypervisor based virtualization only a single hypervisor is used so the system becomes a single point of failure (Sabahi, 2012). In the event that the used hypervisor crashes due to a successful attack or an overload, the entire system and the virtual machine will be affected (Sengupta, 2013). The hypervisors have security zones of their own and are controlling agents for all resources inside the virtualization host. They touch and impact every act of the virtual machines that run inside the virtualization host. The security zones despite being many in number exist in one security zone. This could raise a security issue in that if an attacker attains control of the hypervisor then he shall have succeeded in controlling data within the hypervisor territory. Hyper jacking This type of vulnerability can let the attacker gain full control of the hypervisor so as to access the VMs plus the associated data if exploited. It is launched against the type two hypervisor which run over host operating systems though type 1 attacks have a theoretical possibility. As an example, the attacker can craft and run a thin hypervisor which fully controls the underlying operating system. The Blue Pill root kit that Joanna Rutkowska developed is an example of how this risk might manifest itself. The root kit is a Trojan program which is designed to conceal the information regarding its existence from the administrator and other fellows that look for security breaches and anomalies within the system. The Blue Pill root kit is able to bypass the Vista integrity checking stage which involves loading of the unsigned code in the kernel of the Vista operating system. This code makes use of AMD’s secure virtual machine in masquerading itself from detection then becomes a hypervisor controlling the operating system without the knowledge of the administrators. However, in reality hyper jacking remains rare because of the difficulty of gaining direct access to hypervisors (Younger, 2012). Instances of Unrestricted Privileged Access It is usual identifying and controlling normal system users using the operating system or application security (Claycomb). Attempts of misuse or mistakes are common in such cases but as long as the controls under use are properly set, system damage or breach of confidentiality will remain out of question. Virtualization makes this problem worse (Winkler, 2011). The administrator is often in charge of the physical host plus the virtual sessions that run on the host (Samson, 2013). They could also gain access to sensitive data and impact on business continuity. In the absence of an independent access control strategy, several privileged users in different roles have the capability of interacting with a number of components related to a virtualization deployment (Investigations, 2012). Such an insufficiently controlled access to a hypervisor can potentially cause a great damage to a business enterprise by disruption of important services and compromising valuable information (Rowel, 2009). It is possible copying VM images together with the application and data that they hold. The copied images can be restored to the online system on an insecure network (Boothe, 2013) and this makes it easy for an intruder to gain access to contents managed in the copied image. Conclusion In spite of the benefits of the hypervisor like ability to detect threats that manage to pass through the security systems of the guest OS and functioning as a firewall to thwart the efforts of malicious users when trying to compromise the hardware infrastructure, there are a set of vulnerabilities associated with its use the virtual layer of the cloud environment and such vulnerabilities are the main target of the attackers. Therefore, it is critical that organizations resorting to cloud computing gain a full understanding of the cloud environ plus the related risks or threats and make prior plans to counteract the same to reap the full benefits of “taking things to the cloud“. Bibliography Abdul. (2012, December 31). Cloud Computing and Virtualization. Retrieved January 19, 2014, from www.cloudtweaks.com: http://www.cloudtweaks.com/2012/12/cloud-computing-and-virtualization/ Alliance, C. S. (2011). Security Guidance for critical Areas of Focus in Cloud computing V 3.0. Alliance, S. (2010, March). Top Ten Threats to Cloud Computing. Retrieved January 22, 2014, from Cloud Security Alliance: http://www.cloudsecurityalliance.org/topthreats/scathreats.v1.0.pdf Claycomb, W. R. Insider Threats to Cloud Computing:Directions for New Research Challenges. USA. CMeier,Mnovellino. (2013, October 26). Virtualization Vulnerabilities Related to Hypervisors. Retrieved January 22, 2014, from MIT Geospatial Data Centre: http://cybersecurity.mit.edu/2013/10/virtualization-vulnerabilities-related-to-hypervisors/ Edward Ray, Eugine Schultz. (n.d.). Virtualization Security. Retrieved January 22, 2014, from Virtualization: http://www.csiir.ornl.gov/csiirw/09/CSIIRW09-Proceedings/Abstracts/Ray-abstract.pdf Granneman, J. (n.d.). Virtualization Vulnerabilities and Virtualization Security Threats. Retrieved January 19, 2014, from Cloud Security: http://searchcloudsecurity.techtarget.com/tip/Virtualization-vulnerabilities-and-virtualization-security-threats Investigations, F. B. (2012, May). How to Spot an Insider Threat. Retrieved January 22, 2014, from Enonomic Epsionage: www.fbi.gov/news/stories/2012/may/insider Rowel, G. (2009). Virtualization: The Next Generation of Application Delivery Challenges. Sabahi, F. (2012). Secure Virtualization for Cloud Environment Using Hypervisor Based Technology. international Journal of Machine Learning and Computing , 39-45. Samson, T. (2013, February 25). 9 Top Threats to Cloud Computing. Retrieved January 19, 2014, from www.infoworld.com: http://www.infoworld.com/t/cloud-security/9-top-threats-cloud-computing-security Sengupta, D. (2013). A Survey on Security of Hypervisor based Virtualization System in Cloud Computing. SZepher, J. (2011). Eliminating a Hypervisor Attack for a More secure Cloud. Retrieved January 19, 2014, from www.cs.princeton.edu: http://www.cs.princeton.edu/~jrex/papers/ccs11.pdf technology, C. (2010, January 11). What is Virtualization and Cloud Computing. Retrieved January 19, 2014, from www.slideshare.net: http://www.slideshare.net/ConsonusTech/what-is-virtualization-and-cloud-computing Texiwill, G. (2009). Is Network Security the Major Component of Virtualization Security. Tholeti, B. P. (2011, September 23). Hypervisors, virtualization and the cloud. Retrieved January 22, 2014, from Developer works: http://www.ibm.com/developerworks/cloud/library/cl-hypervisorcompare/cl-hypervisorcompare-pdf.pdf Tyson T. Brooks, Carlos Caicedo, Joon S. Park. (2012). Security Vulnerability Analysis in Vitualization. International Journal of Intelligent Computing Research , 177-291. Vax, N. (2010, May). Securing Virtualized Environments and Accelerating Cloud Computing. Retrieved June 22, 2014, from Managing Access Virtual servers: http://www.ca.com/au/~/media/files/whitepapers/managing_access_virtual_servers_wp_231691.aspx Winkler, V. (2011, December). Virtual Cloud security Concerns. Retrieved January 19, 2014, from /technet.microsoft.com: http://technet.microsoft.com/en-us/magazine/hh641415.aspx Younger, J. (2012, February 25). Common Virtualization Vulnerabilities and How to mitigate Risks. Retrieved January 22, 2014, from Penetration Testing Lab: http://pentestlab.wordpress.com/2013/02/25/common-virtualization-vulnerabilities-and-how-to-mitigate-risks/ Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Cloud Computing Virtualisation Security Threats Literature review Example | Topics and Well Written Essays - 1500 words, n.d.)
Cloud Computing Virtualisation Security Threats Literature review Example | Topics and Well Written Essays - 1500 words. https://studentshare.org/information-technology/1806057-cloud-computing-virtualisation-security-threats
(Cloud Computing Virtualisation Security Threats Literature Review Example | Topics and Well Written Essays - 1500 Words)
Cloud Computing Virtualisation Security Threats Literature Review Example | Topics and Well Written Essays - 1500 Words. https://studentshare.org/information-technology/1806057-cloud-computing-virtualisation-security-threats.
“Cloud Computing Virtualisation Security Threats Literature Review Example | Topics and Well Written Essays - 1500 Words”. https://studentshare.org/information-technology/1806057-cloud-computing-virtualisation-security-threats.
  • Cited: 0 times

CHECK THESE SAMPLES OF Cloud Computing Virtualisation Security Threats

Defining the Cloud Computing Technology

The aim of the paper is to answer the question about the benefits of cloud computing relating it to the perceived Information System platform of the new era.... The objective could be carried out through outlining the business benefits related to cloud computing.... … This research provides a number of analysis and reference points that clearly identifies the benefits of cloud computing, however, the concern is that businesses have adequate solutions that assists in implementation of the key criterion used in measuring the success embedded within cloud computing....
55 Pages (13750 words) Essay

Cloud Computing

Introduction to cloud computing A comprehensive description covering all the concepts of cloud computing is defined as “cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (for example, networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service-provider interaction.... ?? (Mell, Grance 2010) ‘cloud computing' matches a perception of an imaginary cloud that illustrates the Internet or most likely a corporate network environment that is represented by a cloud....
12 Pages (3000 words) Research Proposal

Defining the Subliminal Reality: Virtualization

In fact, recent studies have found that organizations achieved on average an 18% reduction in their budget from cloud computing and a 16% reduction in data costs.... Virtualization is a vital component for organizations as it upholds security and allows corporations to implement a modern IT system.... Hence, virtualization should be embraced by organizations because it is cost-effective, flexible, and provides a safe process of security protocols....
7 Pages (1750 words) Report

Security Concerns in Cloud Computing

Full Paper Title Name University Introduction cloud computing is considered to be a value driven technology, as it saves cost along with advanced virtualization of business functions that is globally accessible.... cloud computing vendors.... n a nutshell, cloud computing delivers major advantages along with negative consequences as well.... Likewise, before making any strategy for transferring critical applications to the cloud, it is important to analyze deployment and service models of cloud computing....
5 Pages (1250 words) Research Paper

Cloud Computing Solutions: Deployment Models

This assignment "cloud computing Solutions: Deployment Models" discusses cloud computing that offers a number of benefits to users some of which include increased data storage, workload shift, reduced need for installing costly software applications, user-friendly interface, and resource sharing.... hellip; cloud computing is an internet-based technology that helps users in accessing software applications through the internet and store precious data (Mache)....
20 Pages (5000 words) Assignment

Computer Systems and Virtualization

The paper "Computer Systems and Virtualization" highlights that the Virtual Directory is a separate register including a website that connects to an additional directory.... On the local server or over the shared network this can be associated with the virtual directory.... hellip; For creating a domain logon script 'start....
13 Pages (3250 words) Assignment

Cloud Computing - Wizni Incorporated

The paper "cloud computing - Wizni Incorporated" discusses the introduction and current trends of cloud computing.... It is evident that cloud computing provides a vast variety of benefits and a better Return on Investment (ROI) along with high availability.... hellip; cloud computing storage and associated risks with respect to information security were discussed.... Moreover, the total cost of ownership, management and configuration of computing devices is not required and most importantly, critical business applications can be accessed anywhere....
11 Pages (2750 words) Case Study

ICT Consolidation using Virtualization Technologies a Cost Effective Approach

The purpose of the research is to thoroughly examine the concept of virtualization in order to provide a framework within which to understand the future of IT and how managers should be building an approach to IT solutions.... While virtualization is not a new concept, it is a… pt that has applications that will benefit our future needs in the way in which energy use is maximized, time is decreased, and manageability is economized....
40 Pages (10000 words) Research Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us