How secure is the current practice in virtualisation?
Virtualisation technology makes best use of available processor and memory resources which is often done by server consolidation - running multiple virtual machines on a single physical host, writes Vernon Poole, head of business consultancy for Sapphire Technologies and member of ISACA's Information Security Management Committee.
Each virtual machine operates almost as though it were a discrete physical host. This is achieved with a piece of software known as a hypervisor. The hypervisor is responsible for managing memory and CPU resources between the running virtual machines (also known as guest machines), providing a set of virtual hardware resources (such as display controllers, network interfaces, storage devices etc.) to guest hosts and providing a control channel between the system operator and the guest machines.
For each system, a virtualised environment contains three extra 'layers' that may be attacked - physical host hardware, physical host OS and the hypervisor. If any of these are compromised then all virtualised guest hosts on the physical system are compromised also as the attacker can then manipulate all aspects of guest hosts at will. Therefore the physical and hypervisor layers should be closely guarded against unauthorised access.
Aside from attacks via the hypervisor, guest hosts are as vulnerable to direct attack as they would be as conventional physical systems. However, once a guest host is compromised, it is then possible to attack the hypervisor layer from the guest.
As indicated, there is an element of communication between the hypervisor and the guest systems. This is made up of special communication channels, which allow client tools to communicate system state back to or accept instructions from the management tool for the hypervisor and the operation of the various virtual hardware devices.
Bugs or back-doors in any of these components could be used to compromise the hypervisor or other guests running on the same hypervisor. Several such bugs have been discovered and demonstrated in existing virtualisation software packages.
Virtualisation significantly weakens the security boundaries between objects in the same virtual domain.
Read more expert advice from the Computer Weekly Security Think Tank >>
This was first published in January 2009