Skip to main content
SpringerLink
Log in

Virtualization vulnerabilities, security issues, and solutions: a critical study and comparison

  • Original Research
  • Published:
International Journal of Information Technology Aims and scope Submit manuscript

Abstract

Virtualization is technological revolution that separates functions from underlying hardware and allows us to create useful environment from abstract resources. Virtualization technology has been targeted by attackers for malicious activity. Attackers could compromise VM infrastructures, allowing them to access other VMs on the same system and even the host. Our article emphasize on the assessment of virtualization specific vulnerabilities, security issues and possible solutions. In this article, a recent comprehensive survey on virtualization threats and vulnerabilities is presented. We also described taxonomy of cloud-based attacks on the virtualized system and existing defense mechanisms intended to help academia, industry and researchers to gain deeper and valuable insights into the attacks so that the associated vulnerabilities can be identified and subsequently required actions would be taken. We provide an exhaustive comparison of various techniques proposed by researchers to resolve virtualization specific vulnerabilities. To guide future research, we discussed generalized security measures and requirements to be taken to achieve secure virtualized implementations. At the end, we shed some light on cloud shared responsibility model to decide which roles cloud service providers and cloud service customers play in cloud security. The aim of this article is to deliver researchers, academicians and industry with a superior understanding of existing attacks and defense mechanisms on cloud security.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Alameri I, Radchenko G (2017) Development of student information management system based on cloud computing platform. Journal of Applied Computer Science & Mathematics 11:9–14. https://doi.org/10.4316/JACSM.201702001

    Article  Google Scholar 

  2. Sosinsky B (2011) Cloud computing bible. https://doi.org/10.1145/358438.349303

  3. Zhu G, Yin Y, Cai R, Li K (2017) Detecting virtualization specific vulnerabilities in cloud computing environment. In: IEEE international conference on cloud computing, CLOUD 2017-June, pp 743–48

  4. Pearce M, Zeadally S, Hunt R (2013) Virtualization: issues, security threats, and solutions. ACM Comput Surv 45(2):17:1–17:39. https://doi.org/10.1145/2431211.2431216

    Article  Google Scholar 

  5. Asad S, Fatima M, Saeed A, Raza I (2017) Multilevel classification of security concerns in cloud computing. Appl Comput Inf 13(1):57–65. https://doi.org/10.1016/j.aci.2016.03.001

    Article  Google Scholar 

  6. Granneman (2012) Virtualization vulnerabilities and virtualization security threats. https://searchcloudsecurity.techtarget.com/tip/Virtualization-vulnerabilities-and-virtualization-security-threats

  7. Sempolinski P, Thain D (2010) A comparison and critique of Eucalyptus, OpenNebula and Nimbus. https://doi.org/10.1109/CloudCom.2010.42

  8. Nagar N, Suman U (2016) Analyzing virtualization vulnerabilities and design a secure cloud environment to prevent from XSS attack. Int J Cloud Appl Comput 6(1):1–14. https://doi.org/10.4018/IJCAC.2016010101

    Article  Google Scholar 

  9. Kaur A, Gupta G, Bhathal GS (2017) Role of virtualization in cloud computing. Global J Eng Sci Res 4(7):143–150. https://doi.org/10.5281/zenodo.835421

    Article  Google Scholar 

  10. Wu J, Lei Z, Chen S, Shen W (2017) An access control model for preventing virtual machine escape attack. Future Int 9:2. https://doi.org/10.3390/fi9020020

    Article  Google Scholar 

  11. Zhang Y, Juels A, Oprea A, Reiter M (2011) Homealone: Co-residency detection in the cloud via side-channel analysis. In: IEEE symposium on security and privacy (Oakland), Oakland, CA, pp 313–328. https://doi.org/10.1109/SP.2011.31

  12. Wojtkowiak A (2012) Protection for virtual environments ? IBM Virtual Server Protection. IBM Corporation

  13. Gupta S, Kumar P (2013) Taxonomy of cloud security. Int J Comput Sci Eng Appl 3(5):47–67. https://doi.org/10.5121/ijcsea.2013.3505

    Article  Google Scholar 

  14. Perez-Botero D, Szefer J, Lee RB (2013) Characterizing hypervisor vulnerabilities in cloud computing servers. Published in SCC@ASIACCS, 3-10. https://doi.org/10.1145/2484402.2484406

  15. Moyo T, Bhogal J (2014) Investigating security issues in cloud computing. In: Eighth International Conference on Complex, Intelligent and Software Intensive Systems, Birmingham, pp. 141–146. https://doi.org/10.1109/CISIS.2014.21

  16. Kazim M, Zhu SY (2015) Virtualization security in cloud computing. In: Zhu S, Hill R, Trovati M (eds) Guide to security assurance for cloud computing. Computer communications and networks. Springer, Cham. https://doi.org/10.1007/978-3-319-25988-8

    Chapter  Google Scholar 

  17. Wang Z, Yang R, Fu X, Du X, Luo B (2016) A shared memory based cross-VM side channel attacks in IaaS cloud. In: 2016 IEEE conference on computer communications workshops (INFOCOM WKSHPS), pp 181–86. http://ieeexplore.ieee.org/document/7562068/

  18. Hussain SA, Fatima M, Saeed A, Raza I, Shahzad RK (2017) Multilevel classification of security concerns in cloud computing. Appl Comput Inform 13(1):57–65. https://doi.org/10.1016/j.aci.2016.03.001

  19. Zhang T (2017) Detection and mitigation of security threats in cloud computing. PhD Thesis, Electrical Engineering Department, Princeton University, Princeton, NJ, p 257. Retrieved from http://palms.ee.princeton.edu/node/479

  20. Jiang Wu, Zhou Lei, Shengbo Chen, Wenfeng Shen, (2017) An Access Control Model for Preventing Virtual Machine Escape Attack. Future Internet 9 (2):20. https://doi.org/10.3390/fi9020020

  21. Geeta CM et al. (2018) Data auditing and security in cloud computing: issues, challenges and future directions. Int J Comput (IJC) 28(1):8–57.

  22. Dubey S, Verma K, Rizvi MA, Ahmad K (2018) SWOT Analysis of Cloud Computing Environment. In: Aggarwal V, Bhatnagar V, Mishra D (eds) Big Data Analytics. Advances in Intelligent Systems and Computing, vol 654. Springer, Singapore. https://doi.org/10.1007/978-981-10-6620-7_71

  23. Zhang T, Lee RB (2018) Design, implementation and verification of cloud architecture for monitoring a virtual machine’s security health. IEEE Trans Comput 67(6):799–815. https://doi.org/10.1109/tc.2017.2780823

    Article  MathSciNet  Google Scholar 

  24. Ravi Kumar P, Herbert Raj P, Jelciana P (2018) Exploring data security issues and solutions in cloud computing. Proc Comput Sci 125:691-697. ISSN: 1877-0509. https://doi.org/10.1016/j.procs.2017.12.089

  25. Patil S (2017) Digital forensics technique for detection of attack and previous data restoration in cloud environment. 6:427–433. https://doi.org/10.23956/ijarcsse/V7I6/0125

  26. Rouse (2016) What is virtualization? Definition from WhatIs.com. Retrieved from https://searchservervirtualization.techtarget.com/definition/virtualization

  27. Zhu SY, Hill R, Trovati M (2015) Guide to security assurance for cloud computing, computer communications and networks book series (CCN). Springer International Publishing, ISBN: 978-3-319-25986-4, 978-3-319-25988-8

  28. Gonzalez N, Miers C, Redígolo F et al (2012) J Cloud Comp 1:11. https://doi.org/10.1186/2192-113X-1-11

    Article  Google Scholar 

  29. Kabir MH, Islam S, Hossain S (2015) A detail overview of cloud computing with its opportunities and obstacles in developing countries. Int J Eng Sci Invent 4(4):52–63 

    Google Scholar 

  30. Rouse (2015) What is hypervisor attack? Definition from WhatIs.com. https://whatis.techtarget.com/definition/hypervisor-attack. Accessed 10 Mar 2018

  31. Adla, Vishrutha (2013) Comparing performance of HyperV and VMware considering network isolation in virtual machines. Masters thesis, Dublin, National College of Ireland. http://trap.ncirl.ie/id/eprint/907. Accessed 25 Mar 2018

  32. From Wikipedia, the free encyclopedia (2017) Hyperjacking—wikipedia. https://en.wikipedia.org/wiki?curid=45523767. Accessed 17 May 2018

  33. Jansen WA (2011) Cloud hooks: security and privacy issues in cloud computing. In: 2011 44th Hawaii international conference on system sciences, Kauai, HI, 2011, pp 1–10. https://doi.org/10.1109/hicss.2011.103

  34. Hyde D (2009) A survey on the security of virtual machines. A project report written under the guidance of Prof. Raj Jain. https://www.cse.wustl.edu/~jain/cse571-09/ftp/vmsec/. Accessed 11 Nov 2017

  35. Zhu SY, Hill R, Trovati M (2015) Guide to security assurance for cloud computing. Springer, Switzerland. https://doi.org/10.1007/978-3-319-25988-8

  36. Xiong H, Zheng Q, Zhang X, Yao D (2013) CloudSafe: securing data processing within vulnerable virtualization environments in the cloud. In: 2013 IEEE conference on communications and network security (CNS), National Harbor, MD, 2013, pp 172–180. https://doi.org/10.1109/cns.2013.6682705

  37. Schwarzkopf R, Schmidt M, Strack C, Freisleben B (2011) Checking running and dormant virtual machines for the necessity of security updates in cloud environments. In: 2011 IEEE third international conference on cloud computing technology and science, Athens, pp 239–246. https://doi.org/10.1109/cloudcom.2011.40

  38. Schwarzkopf R, Schmidt M, Strack C, Martin S, Freisleben B (2012) Increasing virtual machine security in cloud environments. J Cloud Comp (2012) 1:12. https://doi.org/10.1186/2192-113X-1-12

  39. Himanshu (2017) Technology redefine: footprinting [Blog post]. https://technologyredefine.blogspot.com/2017/09/footprinting_17.html. Accessed 23 Jan2018

  40. Kazim M, Zhu SY (2015) Virtualization security in cloud computing. In: Zhu S, Hill R, Trovati M (eds) Guide to security assurance for cloud computing. computer communications and networks. Springer, Cham. https://doi.org/10.1007/978-3-319-25988-8

    Chapter  Google Scholar 

  41. Catteddu D (2010) Cloud computing: benefits, risks and recommendations for information security, In: Serrão C, Aguilera Díaz V, Cerullo F (eds) Web Application Security. IBWAS 2009. Communications in Computer and Information Science, vol 72. Springer, Berlin, Heidelberg, pp 17–17. https://doi.org/10.1007/978-3-642-16120-9_9

  42. What is Virtualization Security? Definition from Techopedia. https://www.techopedia.com/definition/30243/virtualization-security. Accessed 23 Mar 2018

  43. Jeena R, Kumar SS, Sudhan SKHH (2014) Efficient and secure techniques for protecting data in the cloud. In: International conference on information communication and embedded systems (ICICES2014), Chennai, 2014, pp 1–5. https://doi.org/10.1109/icices.2014.7033771

  44. Rouse (2017) What is shared responsibility model? Definition from WhatIs.com. https://searchcloudcomputing.techtarget.com/definition/shared-responsibility-model. Accessed 14 April 2018

  45. Gresser (2017) Who is responsible for cloud security? https://securityintelligence.com/who-is-responsible-for-cloud-security/. Accessed 24 Jan 2018

  46. YungChou (2010) Cloud Computing Primer for IT Pros—Yung Chou on Hybrid Cloud. https://blogs.technet.microsoft.com/yungchou/2010/11/15/cloud-computing-primer-for-it-pros/. Accessed 15 Nov 2017

  47. McCune JM, Li Y, Qu N, Zhou Z, Datta A, Gligor V, Perrig A (2010). TrustVisor: efficient TCB reduction and attestation. In IEEE symposium on security and privacy, Berkeley/Oakland, CA, pp 143–158. https://doi.org/10.1109/SP.2010.17

  48. Vasudevan A, Chaki S, Jia L, McCune J, Newsome J, Datta A (2013) Design, implementation and verification of an extensible and modular hypervisor framework. In: IEEE symposium on security and privacy, Berkeley, CA, pp. 430–444. https://doi.org/10.1109/SP.2013.36

  49. Wang Z, Jiang X (2010) HyperSafe: a lightweight approach to provide lifetime hypervisor control-low integrity. In: IEEE symposium on security and privacy, 380–395. https://doi.org/10.1109/SP.2010.30

  50. Azab AM, Ning P, Wang Z, Jiang X, Zhang X, Skalsky NC (2010) HyperSentry: enabling stealthy in-context measurement of hypervisor integrity. In: ACM conference on computer and communications security, 38–49. https://doi.org/10.1145/1866307.1866313

  51. Butt S, Lagar-Cavilla HA, Srivastava A, Ganapathy V (2012) Self-service cloud computing. In: ACM conference on computer and communications security, ACM, New York, NY, USA, 253–264. https://doi.org/10.1145/2382196.2382226

  52. Keller E, Szefer J, Rexford J, Lee RB (2010) NoHype: virtualized cloud infrastructure without the virtualization. In: ACM international symposium on computer architecture, ACM, New York, NY, USA, 350–361. https://doi.org/10.1145/1815961.1816010

  53. Szefer J, Keller E, Lee R, Rexford J (2011) Eliminating the hypervisor attack surface for a more secure cloud. In: Proceedings of the 18th ACM conference on computer and communications security, Chicago. ACM, pp 401–412. https://doi.org/10.1145/2046707.2046754

  54. Ye X et al (2016) An anomalous behavior detection model in cloud computing. In: Tsinghua Science and Technology 21(3):322–332. https://doi.org/10.1109/TST.2016.7488743

    Article  Google Scholar 

  55. Szefer J, Keller E, Lee R, Rexford J (2011) Eliminating the hypervisor attack surface for a more secure cloud. In: Proceedings of the 18th ACM conference on computer and communications security, Chicago. ACM, pp 401–412. https://doi.org/10.1145/2046707.2046754

  56. Wang Z, Jiang X (2010) HyperSafe: a lightweight approach to provide lifetime hypervisor control-low integrity. In: IEEE symposium on security and privacy, pp 380–395. https://doi.org/10.1109/SP.2010.30

  57. Jiang X, Wang X, Xu D (2007) Stealthy malware detection through VMM-based out-of-the-box semantic view reconstruction. In: ACM conference on computer and communications security, ACM, New York, NY, USA, 128–138. https://doi.org/10.1145/1315245.1315262

  58. Payne BD, Carbone M, Sharif M, Lee W (2008) Lares: an architecture for secure active monitoring using virtualization. In: IEEE symposium on security and privacy, Oakland, CA, pp. 233–247. https://doi.org/10.1109/SP.2008.24

  59. Azmandian F, Moffie M, Alshawabkeh M, Dy J, Aslam J, Kaeli D (2011) Virtual machine monitor-based lightweight intrusion detection. ACM SIGOPS Oper Syst Rev 45(2): 38–53. https://doi.org/10.1145/2007183.2007189

  60. Sailer R, Jaeger T, Valdez E, Caceres R, Perez R, Berger S, Griffin J, van Doorn L (2005) Building a MAC-based security architecture for the Xen open-source hypervisor. In: Annual computer security applications conference (ACSAC), Washington, DC 859, pp 10–285. https://doi.org/10.1109/CSAC.2005.13

  61. Afoulki Z, Rouzaud-Cornabas J (2011) A security-aware scheduler for virtual machines on IAAS clouds. Technical Report RR-2011-08, LIFO, ENSI de Bourges. http://www.univ-orleans.fr/lifo/prodsci/rapports/RR/RR2011/RR-2011-08.pdf. Accessed 4 June 2018

  62. Rueda S, Sreenivasan Y, Jaeger T (2008) Flexible security configuration for virtual machines. In: Proceedings of the 2nd ACM workshop on computer security architectures, New York. ACM, pp 35–44. https://doi.org/10.1145/1456508.1456515

  63. Wei J, Zhang X, Ammons G, Bala V, Ning P (2009) Managing security of virtual machine images in a cloud environment. In: ACM workshop on cloud computing security (CCSW '09). ACM, New York, NY, USA, 91–96. https://doi.org/10.1145/1655008.1655021

  64. Gofman M, Luo R, Yang P, Gopalan K (2011) Sparc: a security and privacy aware virtual machinecheckpointing mechanism. In: Proceedings of the 10th annual ACM workshop on privacy in the electronic society, Chicago. ACM, pp 115–124. https://doi.org/10.1145/2046556.2046571

  65. Wei J, Zhang X, Ammons G, Bala V, Ning P (2009) Managing security of virtual machine images in a cloud environment. In: Proceedings of the 2009 ACM workshop on cloud computing security, Chicago. ACM, pp 91–96. https://doi.org/10.1145/1655008.1655021

  66. Sabahi F (2012) Secure virtualization for cloud environment using hypervisor-based technology. Int J Mach Learn Comput 2(1):39–45. https://doi.org/10.7763/IJMLC.2012.V2.87

    Article  Google Scholar 

  67. Lee S, Yu F (2014) Securing KVM-based cloud systems via virtualization introspection. In: Proceedings of the annual Hawaii international conference on system sciences, pp 5028–5037. https://doi.org/10.1109/HICSS.2014.617

  68. Ajay Kumara MA, Jaidhar CD (2015) Hypervisor and virtual machine dependent intrusion detection and prevention system for virtualized cloud environment. In: 2015 international conference on telematics and future generation networks, TAFGEN 2015, pp 28–33. https://doi.org/10.1109/TAFGEN.2015.7289570

  69. Cloud Security Alliance (2015) Best practices for mitigating risks in virtualized environments, pp 1–35. https://downloads.cloudsecurityalliance.org/whitepapers/Best_Practices_for_Mitigating_Risks_Virtual_Environments_April2015_4-1-15_GLM5.pdf. Accessed 19 May 2018

  70. Kazim M, Zhu SY (2018) Virtualization security in cloud computing, In: Zhu S, Hill R, Trovati M (eds) Guide to Security Assurance for Cloud Computing. Computer Communications and Networks. Springer, Cham. pp 51–63. https://doi.org/10.1007/978-3-319-25988-8

  71. Kumar NLU, Siddappa M (2016) Ensuring security for virtualization in cloud services. In: International Conference on Electrical, Electronics, Communication. Computer and Optimization Techniques (ICEECCOT), Mysuru, pp. 248–251. https://doi.org/10.1109/ICEECCOT.2016.7955224

  72. Donaldson S, Coull N, Mcluskie D (2018) A methodology for testing virtualisation security. In: International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), London, pp. 1–8. https://doi.org/10.1109/CyberSA.2017.8073397

  73. DIldar MS, Khan N, Abdullah JB, Khan AS (2017) Effective way to defend the hypervisor attacks in cloud computing. In: 2017 2nd international conference on anti-cyber crimes, ICACC 2017, pp 154–59. https://doi.org/10.1109/Anti-Cybercrime.2017.7905282

  74. Mishra P, Pilli ES, Varadharajan V, Tupakula U (2017) Out-VM monitoring for malicious network packet detection in cloud. ISEA Asia Security and Privacy (ISEASP), Surat, pp 1–10. https://doi.org/10.1109/ISEASP.2017.7976995

Download references

Acknowledgements

We would like to thank the anonymous reviewers for their valuable feedback and constructive suggestions which have helped to improve the quality and presentation of this article. We also express our gratitude to Dr. O P Vyas for initiating the early discussions on virtualization security issues which led in part towards the completion of this work. Finally, we are also thankful to Dr. Vipul K Dabhi and Dr. Savita Gandhi for their continuous support and encouragements throughout the preparation of this article.

Author information

Authors and Affiliations

  1. L E College (Diploma), Gujarat Technological University, Ahmedabad, Gujarat, India

    Darshan Tank

  2. School of Computer Science, University of Windsor, Windsor, Canada

    Akshai Aggarwal

  3. S S Agrawal Institute of Computer Science, Gujarat Technological University, Ahmedabad, Gujarat, India

    Nirbhay Chaubey

Authors
  1. Darshan Tank
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Akshai Aggarwal
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nirbhay Chaubey
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Darshan Tank.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Tank, D., Aggarwal, A. & Chaubey, N. Virtualization vulnerabilities, security issues, and solutions: a critical study and comparison. Int. j. inf. tecnol. 14, 847–862 (2022). https://doi.org/10.1007/s41870-019-00294-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s41870-019-00294-x

Keywords

Search

Navigation