Security Challenges of Virtualization Hypervisors in Virtualized Hardware Environment

Gabriel Cephas Obasuyi; Arif Sari

doi:10.4236/ijcns.2015.87026

Home > Journals > Computer Science & Communications > IJCNS

IJCNS> Vol.8 No.7, July 2015

Share This Article:

Open Access

Security Challenges of Virtualization Hypervisors in Virtualized Hardware Environment

Abstract Full-Text HTML XML

Download as PDF (Size:1213KB) PP. 260-273

DOI: 10.4236/ijcns.2015.87026 4,031 Downloads 4,862 Views Citations

Author(s) Leave a comment

Gabriel Cephas Obasuyi, Arif Sari

Affiliation(s)

The Management Centre of the Mediterranean, Nicosia, Cyprus.

ABSTRACT

The concept of virtualization machines is not new, but it is increasing vastly and gaining popularity in the IT world. Hypervisors are also popular for security as a means of isolation. The virtualization of information technology infrastructure creates the enablement of IT resources to be shared and used on several other devices and applications; this increases the growth of business needs. The environment created by virtualization is not restricted to any configuration physically or execution. The resources of a computer are shared logically. Hypervisors help in virtualization of hardware that is a software interact with the physical system, enabling or providing virtualized hardware environment to support multiple running operating system simultaneously utilizing one physical server. This paper explores the benefits, types and security issues of Virtualization Hypervisor in virtualized hardware environment.

KEYWORDS

Virtualization, Hypervisors, Virtual Machine, Virtual Machine Monitor, Security

Conflicts of Interest

The authors declare no conflicts of interest.

Cite this paper

Obasuyi, G. and Sari, A. (2015) Security Challenges of Virtualization Hypervisors in Virtualized Hardware Environment. International Journal of Communications, Network and System Sciences, 8, 260-273. doi: 10.4236/ijcns.2015.87026.

References

[1]	Gu, Z.H. and Zhao, Q.L. (2012) A State-of-the-Art Survey on Real-Time Issues in Embedded Systems Virtualization. Journal of Software Engineering and Applications, 5, 277-290. http://dx.doi.org/10.4236/jsea.2012.54033

[2]	VMWare (2007) Understanding Full Virtualization, Paravirtualization and Hardware Assist. http://www.vmware.com/files/pdf/VMware_paravirtualization.pdf

[3]	Fayyad-Kazan, H., Perneel, L. and Timmerman, M. (2013) Full and Para-Virtualization with Xen: A Performance Comparison. Journal of Emerging Trends in Computing and Information Sciences, 4, 719-727.

[4]	Expert Glossary. http://www.expertglossary.com/virtualization/definition/hypervisor

[5]	Riley, R., Jiang, X. and Xu, D. (2008) Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing. Proceedings of the 11th Recent Advances in Intrusion Detection, 5230, 1-20. http://dx.doi.org/10.1007/978-3-540-87403-4_1

[6]	Jiang, X., Wang, X. and Xu, D. (2007) Stealthy Malware Detection through VMM-Based “Out-Of-the-Box” Semantic View Reconstruction. Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, VA, 29 October-2 November 2007, 128-138. http://dx.doi.org/10.1145/1315245.1315262

[7]	Lanzi, A., Sharif, M. and Lee, W. (2009) K-Tracer: A System for Extracting Kernel Malware Behavior. Proceedings of the 16th Network and Distributed System Security Symposium, San Diego, February 2009, 83-91.

[8]	Payne, B.D., Carbone, M., Sharif, M.I. and Lee, W. (2008) Lares: An Architecture for Secure Active Monitoring Using Virtualization. Proceedings of the 29th IEEE Symposium on Security and Privacy, Oakland, CA, 18-22 May 2008, 233-247.

[9]	Rhee, J. and Xu, D. (2010) LiveDM: Temporal Mapping of Dynamic Kernel Memory for Dynamic Kernel Malware Analysis and Debugging. Tech. Rep. 2010-02, CERIAS.

[10]	Riley, R., Jiang, X. and Xu, D. (2009) Multi-Aspect Profiling of Kernel Rootkit Behavior. Proceedings of the 4th ACM European Conference on Computer Systems, Nuremberg, 1-3 April 2009, 47-60. http://dx.doi.org/10.1145/1519065.1519072

[11]	Seshadri, A., Luk, M., Qu, N. and Perrig, A. (2007) SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes. Proceedings of the 21st ACM Symposium on Operating Systems Principles, Stevenson, 14-17 October 2007, 335-350. http://dx.doi.org/10.1145/1294261.1294294

[12]	Sharif, M., Lee, W., Cui, W. and Lanzi, A. (2009) Secure In-VM Monitoring Using Hardware Virtualization. Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, 9-13 November 2009, 477-487. http://dx.doi.org/10.1145/1653662.1653720

[13]	Wang, Z., Jiang, X., Cui, W. and Ning, P. (2009) Countering Kernel Rootkits with Lightweight Hook Protection. Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, 9-13 November 2009, 545-554. http://dx.doi.org/10.1145/1653662.1653728

[14]	Yin, H., Liang, Z. and Song, D. (2008) HookFinder: Identifying and Understanding Malware Hooking Behaviors. Proceedings of the 16th Network and Distributed System Security Symposium, San Diego, 8-11 February 2008, 1-16.

[15]	Chow, J., Garfinkel, T. and Chen, P.M. (2008) Decoupling Dynamic Program Analysis from Execution in Virtual Environments. Proceedings of the 2008 USENIX Annual Technical Conference, Boston, 22-27 June 2008, 1-14.

[16]	Windows Server 2008 Hyper-V Technical Overview. http://www.google.com/url?sa=t&source=web&cd=1&ved=0CBcQFjAA&url=http%3A%2F%2Fdownlo ad.microsoft.com%2Fdownload%2F4%2F2%2Fb%2F42bea8d6-9c77-4db8-b405-6bffce59b157%2F HyperV%2520Technical%2520Overview.docx&rct=j&q=hyper%20technical%20overview&ei=nARTZH 9K_O10QHoneDfDg&usg=AFQjCNFLYm3D9izTVMzHZ_Nbe87WtEbAVg&cad=rja/

[17]	www.vmware.com.

[18]	https://docs.oracle.com/cd/E20065_01/doc.30/e18549/intro.htm.

[19]	Rosenblum, M. and Garnkel, T. (2005) Virtual Machine Monitors: Current Technology and Future Trends. Computer, 38, 39-47.

[20]	Zhao, X., Borders, K. and Prakash, A. (2009) Virtual Machine Security System. Advances in Computer Science and Engineering, 1, 339-365.

[21]	Wang, Z., Jiang, X.X., Cui, W.D. and Ning, P. (2009) Countering Kernel Rootkits with Lightweight Hook Protection. Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, 9-13 November 2009, 545-554. http://dx.doi.org/10.1145/1653662.1653728

[22]	Virtualization in Education. IBM, October 2007.

[23]	http://en.wikipedia.org/wiki/Virtualization

[24]	http://securitywing.com/types-virtualization-technology/

[25]	http://www.vmware.com/solutions/technology

[26]	www.vmware.com%2Ffiles%2Fpdf%2Fapplication-virtualization-vmware-thinapp.pdf

[27]	http://www.techadvisory.org/2013/07/4-types-of-virtualization-defined.

[28]	http://en.wikipedia.org/wiki/Virtualization#Desktop_virtualization.

[29]	http://wiki.xenproject.org/wiki/Nested_Virtualization_in_Xen

[30]	VMware, Consolidating Mission Critical Servers. www.vmware.com/solutions/consolidation/mission critical.html

[31]	http://en.wikipedia.org/wiki/Memory_virtualization

[32]	Wasserman, O. and Hat, R. (2013) Nested Virtualization: Shadow Turtles. KVM Forum.

[33]	Uhlig, R., Neiger, G., Rodgers, D., Santoni, A.L., Martins, F.C.M., Anderson, A.V., et al. (2005) Intel Virtualization Technology. Computer, 38, 48-56. http://dx.doi.org/10.1109/mc.2005.163

[34]	Texiwill, G. (2009) Is Network Security the Major Component of Virtualization Security?

[35]	Bennani, M.N. and Menasce, D.A. (2005) Resource Allocation for Autonomic Data Centers Using Analytic Performance Models. Proceedings of the 2005 IEEE International Conference on Autonomic Computing, Seattle, 13-16 June 2005, 224-240. http://dx.doi.org/10.1109/icac.2005.50

[36]	Sarna, D.E.Y. (2011) Implementing and Developing Cloud Computing Applications. Taylor and Francis Group, LLC, CRC Press, Boca Raton.

[37]	Litty, L. (2005) Hypervisor-Based Intrusion Detection. Master’s Thesis, Department of Computer Science, University of Toronto, Toronto.

[38]	Sabahi, F. (2011) Intrusion Detection Techniques Performance in Cloud Environments. Proceedings of the Conference on Computer Design and Engineering, Kuala Lumpur, 12-14 August 2011, 398-402. http://dx.doi.org/10.1115/1.859797.paper64

[39]	Gu, Z.H. and Zhao, Q.L. (2012) A State-of-the-Art Survey on Real-Time Issues in Embedded Systems Virtualization. Journal of Software Engineering and Applications, 5, 277-290.