Royal Holloway 2011

Hypervisor security: New techniques for securing virtual machines

Virtualisation has become an unstoppable trend in IT, promising not only better use of resources, but also ease of management, lower costs, more flexible systems and even smaller electricity bills.

But cramming multiple virtual machines onto a single physical server comes at a risk. If attackers can penetrate the software that orchestrates the whole virtual environment – the hypervisor, or virtual machine monitor – they can take control of every virtual machine under its control, and all the data stored on them.

Hypervisors are written to be robust and secure, but, like any other piece of software, they will inevitably contain vulnerabilities, which, if discovered by an attacker, could be exploited.

The key to hypervisor security, therefore, is to monitor events within the virtual environment, so any unusual behaviour can be flagged early.

For his MSc thesis at Royal Holloway University of London (RHUL), Fotios Tsifountidis, under the supervision of lecturer Geraint Price, set out to explore the different approaches organisations can use to monitor virtual environments – such as host-based or network-based intrusion protection systems.

In an article now published on SearchSecurity.co.UK, they outline the benefits and disadvantages of the two approaches, and propose a middle way for securing virtual machines that combines benefits of both, called virtual machine introspection.

If your company is deploying virtual systems, this article is essential reading.

The feature is one of five SearchSecurity.co.UK is publishing this year in collaboration with RHUL.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in May 2011

 

COMMENTS powered by Disqus  //  Commenting policy