Abstract
The popularity and widespread adoption of cloud computing has resulted in extensive and intensive use of virtualization technology. Virtualization technology allows the sharing of the same physical resources among several users. This enables the consolidation of servers and a multitude of user machines into a very small set of physical servers, by replacing the physical machines with virtual machines running on the same physical servers. Consequently, several users work on and store their data in the same physical platform. A software layer is used to enable the sharing of hardware between the different users. Understandably, this leads to apprehensions among users about the security of their data and working environment, as these are situated only one software layer apart from those belonging to the other users. Centralized storage and centralized computing thus naturally raise the question of the security of users' data, and motivate studies on how data security could possibly be compromised. This article surveys the security concerns in virtualization technology. It includes a study of different attacks in the context of virtualization, and logically organizes them into different categories. Where available, the patches to the attacks are also included in the survey. A special focus of the survey is on hardware limitations to support virtualization, and the conclusion drawn is that hardware limitations of different types are the root cause of most of the security issues.
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jithin, R., Chandran, P. (2014). Virtual Machine Isolation. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds) Recent Trends in Computer Networks and Distributed Systems Security. SNDS 2014. Communications in Computer and Information Science, vol 420. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54525-2_8
DOI: https://doi.org/10.1007/978-3-642-54525-2_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54524-5
Online ISBN: 978-3-642-54525-2
eBook Packages: Computer Science, Computer Science (R0)