Skip to main content
SpringerLink
Log in
Book cover

International Conference on Security in Computer Networks and Distributed Systems

SNDS 2014: Recent Trends in Computer Networks and Distributed Systems Security pp 91–102Cite as

Virtual Machine Isolation

A Survey on the Security of Virtual Machines

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 420))

Abstract

The popularity and widespread adoption of cloud computing has resulted in extensified and intensive use of virtualization technology. Virtualization technology allows the sharing of the same physical resources among several users. This enables the consolidation of servers and a multitude of user machines into a very small set of physical servers, by replacing the physical machines with virtual machines, running on the same physical servers. Consequently, several users work on and store their data in the same physical platform. A software layer is used to enable the sharing of hardware between the different users. Understandably, this leads to apprehensions about the security of their data and working environment for the users, as these are situated only one software layer apart from those belonging to the other users. Centralized storage and centralized computing thus naturally raise the question of security of user’s data, and motivate studies on how data security could possibly be compromised. This article surveys the security concerns in virtualization technology. It includes a study of different attacks in the context of virtualization, and logically organizes them in different categories. Where available, the patches to the attacks are also included in the survey. A special focus of the survey is on hardware limitations to support virtualization, and the conclusion drawn is that hardware limitations of different types are the root cause of most of the security issues.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Smith, J.E., Nair, R.: Virtual Machines: Versatile Platform for Systems and Processes. Morgan Kaufmann (2006)

    Google Scholar 

  2. Clark, C., Fraser, K., Hand, S., Hansen, J.G., Jul, E., Limpach, C., Pratt, I., Warfield, A.: Live migration of virtual machines. In: Proceedings of the 2nd Conference on Symposium on Networked Systems Design & Implementation, vol. 2, pp. 273–286. USENIX Association (2005)

    Google Scholar 

  3. Xiao, J., Xu, Z., Huang, H., Wang, H.: A covert channel construction in a virtualized environment. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 1040–1042. ACM, New York (2012), http://doi.acm.org/10.1145/2382196.2382318

    Chapter  Google Scholar 

  4. Wu, J.Z., Ding, L., Wang, Y., Han, W.: Identification and evaluation of sharing memory covert timing channel in xen virtual machines. In: 2011 IEEE International Conference on Cloud Computing (CLOUD), pp. 283–291. IEEE (2011)

    Google Scholar 

  5. Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-vm side channels and their use to extract private keys. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, pp. 305–316. ACM, New York (2012), http://doi.acm.org/10.1145/2382196.2382230

    Chapter  Google Scholar 

  6. Li, Y., Shen, Q., Zhang, C., Sun, P., Chen, Y., Qing, S.: A covert channel using core alternation. In: 2012 26th International Conference on Advanced Information Networking and Applications Workshops (WAINA), pp. 324–328. IEEE (2012)

    Google Scholar 

  7. Li, H., Zhu, J., Zhou, T., Wang, Q.: A new mechanism for preventing hvm-aware malware. In: 2011 IEEE 3rd International Conference on Communication Software and Networks (ICCSN), pp. 163–167. IEEE (2011)

    Google Scholar 

  8. King, S.T., Chen, P.M.: Subvirt: Implementing malware with virtual machines. In: 2006 IEEE Symposium on Security and Privacy, p. 14. IEEE (2006)

    Google Scholar 

  9. Oberheide, J., Cooke, E., Jahanian, F.: Empirical exploitation of live virtual machine migration. In: Proc. of BlackHat DC convention (2008)

    Google Scholar 

  10. Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. ACM SIGOPS Operating Systems Review 37(5), 164–177 (2003)

    Article  Google Scholar 

  11. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)

    Article  MATH  MathSciNet  Google Scholar 

  12. Xu, Y., Bailey, M., Jahanian, F., Joshi, K., Hiltunen, M., Schlichting, R.: An exploration of l2 cache covert channels in virtualized environments. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW 2011, pp. 29–40. ACM, New York (2011), http://doi.acm.org/10.1145/2046660.2046670

    Google Scholar 

  13. Okamura, K., Oyama, Y.: Load-based covert channels between xen virtual machines. In: Proceedings of the 2010 ACM Symposium on Applied Computing, SAC 2010, pp. 173–180. ACM, New York (2010), http://doi.acm.org/10.1145/1774088.1774125

    Google Scholar 

  14. Gong, X., Kiyavash, N., Venkitasubramaniam, P.: Information theoretic analysis of side channel information leakage in fcfs schedulers. In: 2011 IEEE International Symposium on Information Theory Proceedings (ISIT), pp. 1255–1259. IEEE (2011)

    Google Scholar 

  15. Jaskolka, J., Khedri, R.: Exploring covert channels. In: 2011 44th Hawaii International Conference on System Sciences (HICSS), pp. 1–10. IEEE (2011)

    Google Scholar 

  16. Kaleeswaran, S.: Managing covert information leaks in xen virtual machine systems. Master’s thesis. NIT Calicut (May 2010)

    Google Scholar 

  17. http://en.wikipedia.org/wiki/Blue_Pill_%28software%29

  18. Myers, M., Youndt, S.: An introduction to hardware-assisted virtual machine (hvm) rootkits. White Paper of Crucial Security (2007)

    Google Scholar 

  19. Carbone, M., Lee, W., Zamboni, D.: Taming virtualization. IEEE Security & Privacy 6(1), 65–67 (2008)

    Article  Google Scholar 

  20. Abramson, D., Jackson, J., Muthrasanallur, S., Neiger, G., Regnier, G., Sankaran, R., Schoinas, I., Uhlig, R., Vembu, B., Wiegert, J.: Intel virtualization technology for directed i/o. Intel Technology Journal 10, 178–192 (2006)

    Article  Google Scholar 

  21. Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: malware analysis via hardware virtualization extensions. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 51–62. ACM (2008)

    Google Scholar 

  22. Hardware-assisted virtualization technology, Intel, Web Article (2012), http://www.intel.in/content/www/in/en/virtualization/virtualization-technology/hardware-assist-virtualization-embedded-technology.html (retrieved December 10, 2012)

  23. König, A., Steinmetz, R.: Detecting migration of virtual machines. In: Proceedings of the 10th Würzburg Workshop on IP: Joint ITG, ITC, and Euro-NF Workshop Visions of Future Generation Networks (EuroView 2011), Julius-Maximilians-Universität Würzburg, Lehrstuhl für Informatik III (2011)

    Google Scholar 

  24. Shetty, J., Anala, M.R., Shobha, G.: A survey on techniques of secure live migration of virtual machine. International Journal of Computer Applications 39(12) (2012)

    Google Scholar 

  25. Perez, R., Sailer, R., van Doorn, L.: vtpm: virtualizing the trusted platform module. In: Proc. 15th Conf. on USENIX Security Symposium, pp. 305–320 (2006)

    Google Scholar 

  26. Stumpf, F., Eckert, C.: Enhancing trusted platform modules with hardware-based virtualization techniques. In: Second International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2008, pp. 1–9. IEEE (2008)

    Google Scholar 

  27. Danev, B., Masti, R., Karame, G., Capkun, S.: Enabling secure vm-vtpm migration in private clouds. In: Proceedings of the 27th Annual Computer Security Applications Conference, pp. 187–196. ACM (2011)

    Google Scholar 

  28. Neiger, G., Santoni, A., Leung, F., Dion Rodgers, R.U.: Intel virtualization technology: Hardware support for efficient processor virtualization. Intel Technology Journal 10, 166–177 (2006)

    Article  Google Scholar 

  29. Advanced Micro Devices: Secure Virtual Machine Architecture Reference Manual Advanced Micro Devices (May 2005)

    Google Scholar 

  30. Robin, J.S., Irvine, C.E.: Analysis of the intel pentium’s ability to support a secure virtual machine monitor. DTIC Document, Tech. Rep. (2000)

    Google Scholar 

  31. Uhlig, R., Neiger, G., Rodgers, D., Santoni, A.L., Martins, F.C., Anderson, A.V., Bennett, S.M., Kgi, A., Leung, F.H., Smith, L.: Intel virtualization technology, May 2005, pp. 48–56. IEEE Computer Society Press (2005)

    Google Scholar 

  32. Adams, K., Agesen, O.: A comparison of software and hardware techniques for x86 virtualization. ACM SIGOPS Operating Systems Review 40(5), 2–13 (2006)

    Article  Google Scholar 

  33. Ben-Yehuda, M., Mason, J., Xenidis, J., Krieger, O., Van Doorn, L., Nakajima, J., Mallick, A., Wahlig, E.: Utilizing iommus for virtualization in linux and xen. In: OLS 2006: The 2006 Ottawa Linux Symposium, pp. 71–86. Citeseer (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. National Institute of Technology, Calicut, Kerala, India

    R. Jithin & Priya Chandran

Authors
  1. R. Jithin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Priya Chandran
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Facultad de Informatica, Campus de Espinardo, s/n, 30., 100, Murcia, Spain

    Gregorio Martínez Pérez

  2. Indian Institute of Information Technology and Management, Technopark Campus, 695581, Trivandrum, Kerala, India

    Sabu M. Thampi

  3. Faculty of Computing and Mathematical Sciences, The University of Waikato, Waikato Mail Centre, Private Bag 3105, Hamilton, New Zealand

    Ryan Ko

  4. Guangdong University of Petrochemical Technology, P.R. China

    Lei Shu

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jithin, R., Chandran, P. (2014). Virtual Machine Isolation. In: Martínez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds) Recent Trends in Computer Networks and Distributed Systems Security. SNDS 2014. Communications in Computer and Information Science, vol 420. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54525-2_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-54525-2_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-54524-5

  • Online ISBN: 978-3-642-54525-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation