Cloud Computing Virtualisation Security Threats - Literature review Example

Cloud Computing Virtualization Security Threats Virtualization is now common all through the world and without it, the cloud environment would perhaps have a totally different form (Abdul, 2012). The software type which functions as the necessary building block when implementing virtualized solutions within data centers is referred to as hypervisor (CMeier,Mnovellino, 2013). Because the hypervisor sits between the guest system and the OS it is important that the component is given maximum security (Tyson T. Brooks, Carlos Caicedo, Joon S. Park, 2012) otherwise if the hypervisor is left vulnerable to exploits, it becomes the main target of the attackers (SZepher, 2011). . Virtualization makes the concept complicated but never makes security better or worse. There exists a set of crucial security concerns to be addresses if considering virtualization in a cloud computing environment. The purpose of this paper is to present an overview of the various virtualization security vulnerabilities plus threats that are particular to hypervisors. Keywords virtualization, vulnerabilities, hypervisors Introduction System virtualization is often implemented through the use of hyper visor technology. A hyper visor is a firmware or software component that is able to visualize the resources of a system (Tholeti, 2011). Virtualization is a key element of Infrastructure as a Service cloud offering (Alliance, 2011) and has a widespread use in sections of the Software as a Service and Infrastructure as a Service too (technology, 2010). It has benefits like data centre consolidation, multi-tenancy plus better server utilization and cloud providers are able to attain a higher density which changes into better margins. Business enterprises could use virtualization in shrinking capital expenses on the server hardware and improve operational efficiency (Navaro, 2013). However, embracing virtualization comes with a set of security issues of the used operating system running in guest mode and newer security concerns pertaining to the hypervisor layer together with new virtualization based threats inter- Virtual Machine attacks It is necessary to understand that virtualization is different from the conventional physical environment (Granneman). The virtualization host is quite critical since it hosts several virtual machines. The hypervisor functions as the central management point for every VM image and a control centre for a number of the critical services, resulting into vulnerability leverage points (Alliance S. , 2010). Having the hypervisor compromised for introduction of a rogue VM or downloading an image is analogous to bypassing the physical security then break into a server room to introduce an external server or to steal the existing one. It is possible to bypass virtualization management applications and the virtualization control or hosting operating system could be directly accessed by the privileged users. Also, normal operating system security never protects the mission critical resources and data at a degree required to meet security best practices and regulatory compliance. Some of the virtualization security vulnerabilities are: Interactive Virtualization related risks In a situation where a virtualized server and a virtualized network exist, the total risk is always greater than the sum of the individual risks (Edward Ray, Eugine Schultz). Also falling under this are the risks featuring in the host environment, the initially installed operating system which functions as a host to all thins on some hardware platform. Vulnerability in any application or virtualized OS could be a weak link causing several compromises in the virtualized components. Operational Complexity from Virtual Machine Sprawl Typical enterprises increasingly request for VM because of the ease with which the VM is provisioned. However, this has the effect of increasing the odds of an operator error or configuration based errors together with creating a larger attack surface. Blind Spots and Inter-VM Attacks Virtualization largely impacts network security. Virtual machines could be communicating with one another via a hardware backplane instead of a network system. Hence, the standard network specific security controls become blind to such traffic and so cannot carry out in-line blocking or monitoring. Another point of vulnerability is migration of the virtual machines is. Migration of a malicious Virtual Machine into a trusted zone is an example of an attack scene, and using the conventional network oriented security controls, that misbehavior will never be detected. Unstructured Physical Boundaries Servers are conventionally stacked away within the server rooms where tighter physical controls are put in place to regulate any access to the boxes (Vax, 2010). On the other hand, the virtual environment proves to be quite different because servers are just files which could be copied from the host. An attempt to copy a server image is analogous moving into a server room and stealing the server. Furthermore, it is possible accessing the machine memory from the hypervisor and this can compromise information like encryption keys and passwords while under transit. Therefore, any access to a virtualization host is critical. Communication inside the Virtualization Level Virtual machines are involved in communication and data sharing. However, there is the danger that a means of communication which does not meet important security parameters can potentially be a point of vulnerability targeted by the attackers (Texiwill, 2009). Possibility of Escaping the VM This type of vulnerability refers to the capability of gaining access to the hypervisor while inside the Virtual Machine level. Creation of more APIs for use in the visualization platforms increases concern about the same increases. While the number of API’s created increases, the number of controls for disabling the functionality inside the Virtual Machine also increases and this has an effect on availability and performance. Instant-On Gaps This is based on the ease with which virtual machines could be started or stopped coupled with fast changing threats. It creates a situation whereby a VM is securely configured while turned off then new threats evolve at start up time making the machine more vulnerable to attacks. Single Point Failure In a hypervisor based virtualization only a single hypervisor is used so the system becomes a single point of failure (Sabahi, 2012). In the event that the used hypervisor crashes due to a successful attack or an overload, the entire system and the virtual machine will be affected (Sengupta, 2013). The hypervisors have security zones of their own and are controlling agents for all resources inside the virtualization host. They touch and impact every act of the virtual machines that run inside the virtualization host. The security zones despite being many in number exist in one security zone. This could raise a security issue in that if an attacker attains control of the hypervisor then he shall have succeeded in controlling data within the hypervisor territory. Hyper jacking This type of vulnerability can let the attacker gain full control of the hypervisor so as to access the VMs plus the associated data if exploited. It is launched against the type two hypervisor which run over host operating systems though type 1 attacks have a theoretical possibility. As an example, the attacker can craft and run a thin hypervisor which fully controls the underlying operating system. The Blue Pill root kit that Joanna Rutkowska developed is an example of how this risk might manifest itself. The root kit is a Trojan program which is designed to conceal the information regarding its existence from the administrator and other fellows that look for security breaches and anomalies within the system. The Blue Pill root kit is able to bypass the Vista integrity checking stage which involves loading of the unsigned code in the kernel of the Vista operating system. This code makes use of AMD’s secure virtual machine in masquerading itself from detection then becomes a hypervisor controlling the operating system without the knowledge of the administrators. However, in reality hyper jacking remains rare because of the difficulty of gaining direct access to hypervisors (Younger, 2012). Instances of Unrestricted Privileged Access It is usual identifying and controlling normal system users using the operating system or application security (Claycomb). Attempts of misuse or mistakes are common in such cases but as long as the controls under use are properly set, system damage or breach of confidentiality will remain out of question. Virtualization makes this problem worse (Winkler, 2011). The administrator is often in charge of the physical host plus the virtual sessions that run on the host (Samson, 2013). They could also gain access to sensitive data and impact on business continuity. In the absence of an independent access control strategy, several privileged users in different roles have the capability of interacting with a number of components related to a virtualization deployment (Investigations, 2012). Such an insufficiently controlled access to a hypervisor can potentially cause a great damage to a business enterprise by disruption of important services and compromising valuable information (Rowel, 2009). It is possible copying VM images together with the application and data that they hold. The copied images can be restored to the online system on an insecure network (Boothe, 2013) and this makes it easy for an intruder to gain access to contents managed in the copied image. Conclusion In spite of the benefits of the hypervisor like ability to detect threats that manage to pass through the security systems of the guest OS and functioning as a firewall to thwart the efforts of malicious users when trying to compromise the hardware infrastructure, there are a set of vulnerabilities associated with its use the virtual layer of the cloud environment and such vulnerabilities are the main target of the attackers. Therefore, it is critical that organizations resorting to cloud computing gain a full understanding of the cloud environ plus the related risks or threats and make prior plans to counteract the same to reap the full benefits of “taking things to the cloud“. Bibliography Abdul. (2012, December 31). Cloud Computing and Virtualization. Retrieved January 19, 2014, from www.cloudtweaks.com: http://www.cloudtweaks.com/2012/12/cloud-computing-and-virtualization/ Alliance, C. S. (2011). Security Guidance for critical Areas of Focus in Cloud computing V 3.0. Alliance, S. (2010, March). Top Ten Threats to Cloud Computing. Retrieved January 22, 2014, from Cloud Security Alliance: http://www.cloudsecurityalliance.org/topthreats/scathreats.v1.0.pdf Claycomb, W. R. Insider Threats to Cloud Computing:Directions for New Research Challenges. USA. CMeier,Mnovellino. (2013, October 26). Virtualization Vulnerabilities Related to Hypervisors. Retrieved January 22, 2014, from MIT Geospatial Data Centre: http://cybersecurity.mit.edu/2013/10/virtualization-vulnerabilities-related-to-hypervisors/ Edward Ray, Eugine Schultz. (n.d.). Virtualization Security. Retrieved January 22, 2014, from Virtualization: http://www.csiir.ornl.gov/csiirw/09/CSIIRW09-Proceedings/Abstracts/Ray-abstract.pdf Granneman, J. (n.d.). Virtualization Vulnerabilities and Virtualization Security Threats. Retrieved January 19, 2014, from Cloud Security: http://searchcloudsecurity.techtarget.com/tip/Virtualization-vulnerabilities-and-virtualization-security-threats Investigations, F. B. (2012, May). How to Spot an Insider Threat. Retrieved January 22, 2014, from Enonomic Epsionage: www.fbi.gov/news/stories/2012/may/insider Rowel, G. (2009). Virtualization: The Next Generation of Application Delivery Challenges. Sabahi, F. (2012). Secure Virtualization for Cloud Environment Using Hypervisor Based Technology. international Journal of Machine Learning and Computing , 39-45. Samson, T. (2013, February 25). 9 Top Threats to Cloud Computing. Retrieved January 19, 2014, from www.infoworld.com: http://www.infoworld.com/t/cloud-security/9-top-threats-cloud-computing-security Sengupta, D. (2013). A Survey on Security of Hypervisor based Virtualization System in Cloud Computing. SZepher, J. (2011). Eliminating a Hypervisor Attack for a More secure Cloud. Retrieved January 19, 2014, from www.cs.princeton.edu: http://www.cs.princeton.edu/~jrex/papers/ccs11.pdf technology, C. (2010, January 11). What is Virtualization and Cloud Computing. Retrieved January 19, 2014, from www.slideshare.net: http://www.slideshare.net/ConsonusTech/what-is-virtualization-and-cloud-computing Texiwill, G. (2009). Is Network Security the Major Component of Virtualization Security. Tholeti, B. P. (2011, September 23). Hypervisors, virtualization and the cloud. Retrieved January 22, 2014, from Developer works: http://www.ibm.com/developerworks/cloud/library/cl-hypervisorcompare/cl-hypervisorcompare-pdf.pdf Tyson T. Brooks, Carlos Caicedo, Joon S. Park. (2012). Security Vulnerability Analysis in Vitualization. International Journal of Intelligent Computing Research , 177-291. Vax, N. (2010, May). Securing Virtualized Environments and Accelerating Cloud Computing. Retrieved June 22, 2014, from Managing Access Virtual servers: http://www.ca.com/au/~/media/files/whitepapers/managing_access_virtual_servers_wp_231691.aspx Winkler, V. (2011, December). Virtual Cloud security Concerns. Retrieved January 19, 2014, from /technet.microsoft.com: http://technet.microsoft.com/en-us/magazine/hh641415.aspx Younger, J. (2012, February 25). Common Virtualization Vulnerabilities and How to mitigate Risks. Retrieved January 22, 2014, from Penetration Testing Lab: http://pentestlab.wordpress.com/2013/02/25/common-virtualization-vulnerabilities-and-how-to-mitigate-risks/ Read More