Abstract
Virtualization is a technological revolution that separates functions from the underlying hardware and allows us to create a useful environment from abstract resources. Virtualization technology has been targeted by attackers for malicious activity. Attackers could compromise VM infrastructures, allowing them to access other VMs on the same system and even the host. Our article emphasizes the assessment of virtualization-specific vulnerabilities, security issues and possible solutions. In this article, a recent comprehensive survey on virtualization threats and vulnerabilities is presented. We also describe a taxonomy of cloud-based attacks on the virtualized system and existing defense mechanisms, intended to help academia, industry and researchers gain deeper and more valuable insights into the attacks so that the associated vulnerabilities can be identified and the required actions subsequently taken. We provide an exhaustive comparison of various techniques proposed by researchers to resolve virtualization-specific vulnerabilities. To guide future research, we discuss generalized security measures and requirements for achieving secure virtualized implementations. At the end, we shed some light on the cloud shared responsibility model to decide which roles cloud service providers and cloud service customers play in cloud security. The aim of this article is to provide researchers, academicians and industry with a better understanding of existing attacks and defense mechanisms in cloud security.
Acknowledgements
We would like to thank the anonymous reviewers for their valuable feedback and constructive suggestions, which have helped to improve the quality and presentation of this article. We also express our gratitude to Dr. O P Vyas for initiating the early discussions on virtualization security issues, which led in part towards the completion of this work. Finally, we are also thankful to Dr. Vipul K Dabhi and Dr. Savita Gandhi for their continuous support and encouragement throughout the preparation of this article.
Cite this article
Tank, D., Aggarwal, A. & Chaubey, N. Virtualization vulnerabilities, security issues, and solutions: a critical study and comparison. Int. j. inf. tecnol. 14, 847–862 (2022). https://doi.org/10.1007/s41870-019-00294-x
DOI: https://doi.org/10.1007/s41870-019-00294-x