Security Concerns while Securing Virtualized Environment
Virtualization has been a key enabling technology for the evolution of cloud computing. Hardware virtualization has enabled IaaS providers to use the available hardware resources efficiently in order to provide computing and storage services to their clients. The design of virtualized computer architectures places certain requirements on virtualization. In fact, three properties of interest have been defined for a virtual machine monitor (VMM), or hypervisor: equivalence, resource control, and efficiency. Native hypervisors run directly on the host hardware, while hosted hypervisors run in the environment of an operating system (OS), and hence their access to the hardware resources is mediated by the OS.
Security risks are often associated with data, algorithms, activity patterns or business reputation, and are different for each organization or person. Hence, cloud users would benefit from a choice of both different levels of security and different aspects of security.
In the given scenario, a constant research effort in the area of cloud storage and cloud computing will bring security considerations for each cloud service (CS) client.
A significant body of research has been carried out in the area of secure virtual machines and particularly confidentiality of virtual machines in untrusted environments.
- Direct Memory Access is used with IO Memory Management Units in order to isolate the devices and only allow access to certain memory ranges assigned to each VM.
- A virtual TPM is instantiated and placed in a specialized domain, Dom0 U, and then performs the role of the TPM for other Dom0 X.
Note: Dom0 is the domain started by the Xen hypervisor on boot.
- The guest VM boot process uses a custom protocol, which relies on asymmetric cryptography in order to ensure the VM is instantiated in a trusted environment.
- In the process of saving and restoring the image, the authors adopt a “per page encryption method” to encrypt the instance before it is handed over to Dom0.
A major drawback of the proposed method is a reported tangible performance hit. However, no clear benchmarks have been provided. Furthermore, secure VM migration is left as an unsolved challenge.
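The per-page encryption step in the list above, sketched as an added example (not code from this page or from the authors it refers to): each page is encrypted and authenticated before it leaves the guest's trust boundary, so the domain that stores the image sees only ciphertext and cannot reorder, truncate or modify pages undetected. The key handling, the 4096-byte page size, the function names and the SHAKE-256 keystream (a standard-library stand-in for a vetted AEAD such as AES-GCM) are all assumptions.

```python
import hashlib
import hmac
import os

PAGE_SIZE = 4096  # assumed guest page size


def _subkey(master: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one guest-held secret.
    return hmac.new(master, label, hashlib.sha256).digest()


def _xor_keystream(master: bytes, header: bytes, data: bytes) -> bytes:
    # SHAKE-256 keystream: a stdlib stand-in for a real cipher such as AES-CTR.
    stream = hashlib.shake_256(_subkey(master, b"enc") + header).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(master: bytes, header: bytes, ct: bytes) -> bytes:
    return hmac.new(_subkey(master, b"mac"), header + ct, hashlib.sha256).digest()


def seal_page(master: bytes, index: int, total: int, page: bytes) -> bytes:
    """Encrypt one page inside the guest's trust boundary (encrypt-then-MAC)."""
    # The header binds the ciphertext to its position and to the image size.
    header = index.to_bytes(8, "big") + total.to_bytes(8, "big") + os.urandom(16)
    ct = _xor_keystream(master, header, page)
    return header + ct + _tag(master, header, ct)


def open_page(master: bytes, index: int, total: int, blob: bytes) -> bytes:
    """Verify and decrypt a page returned by the untrusted domain."""
    header, ct, tag = blob[:32], blob[32:-32], blob[-32:]
    expected_pos = index.to_bytes(8, "big") + total.to_bytes(8, "big")
    if header[:16] != expected_pos or not hmac.compare_digest(tag, _tag(master, header, ct)):
        raise ValueError(f"page {index}: moved, truncated or modified")
    return _xor_keystream(master, header, ct)


def save_image(master: bytes, pages: list) -> list:
    return [seal_page(master, i, len(pages), p) for i, p in enumerate(pages)]


def restore_image(master: bytes, blobs: list) -> list:
    return [open_page(master, i, len(blobs), b) for i, b in enumerate(blobs)]


if __name__ == "__main__":
    key = os.urandom(32)                                # constructed sample key
    image = [bytes([n]) * PAGE_SIZE for n in range(4)]  # constructed 4-page "VM"
    saved = save_image(key, image)                      # what Dom0 would store
    assert restore_image(key, saved) == image
```

Replaying an entire older image is not detected by this sketch; that requires a freshness value held outside the untrusted domain.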
Minimizing the trusted computing base (TCB) and sealing the attack surface is one of the basic principles of application security, and several of the examined approaches aim to achieve this by reducing the TCB. However, various assumptions have been made in addressing the security concerns in a virtualized environment.