How secure is the current practice in
virtualisation?
Virtualisation technology makes best use of available processor
and memory resources which is often done by server consolidation -
running multiple virtual machines on a single physical host,
writes Vernon Poole, head of business consultancy for
Sapphire Technologies and
member of
ISACA's Information Security Management Committee.
Each virtual machine operates almost as though it were a
discrete physical host. This is achieved with a
piece of software known as a hypervisor. The hypervisor is
responsible for managing memory and CPU resources between the
running virtual machines (also known as guest machines), providing
a set of virtual hardware resources (such as display controllers,
network interfaces, storage devices etc.) to guest hosts and
providing a control channel between the system operator and the
guest machines.
For each system, a virtualised environment contains three extra
'layers' that may be attacked - physical host hardware, physical
host OS and the hypervisor. If any of these are compromised then
all virtualised guest hosts on the physical system are compromised
also as the attacker can then manipulate all aspects of guest hosts
at will. Therefore the physical and hypervisor layers should be
closely guarded against unauthorised access.
Aside from attacks via the hypervisor, guest hosts are as
vulnerable to direct attack as they would be as conventional
physical systems. However, once a guest host is compromised, it is
then possible to attack the hypervisor layer from the guest.
As indicated, there is an element of communication between the
hypervisor and the guest systems. This is made up of special
communication channels, which allow client tools to communicate
system state back to or accept instructions from the management
tool for the hypervisor and the operation of the various virtual
hardware devices.
Bugs or back-doors in any of these components could be used to
compromise the hypervisor or other guests running on the same
hypervisor. Several such bugs have been
discovered and demonstrated in existing virtualisation software
packages.
Virtualisation significantly weakens the security boundaries
between objects in the same virtual domain.
Read more expert advice from the Computer Weekly Security Think
Tank >>