Hardware virtualization is the core concept behind the huge success of cloud computing in the last years. Effective isolation among different virtual machines running on the same host is promised, as well as isolation from the operating system that might be present on the host itself. These barriers are necessary, as cloud computing may create a situation where both provider and customer do not trust each other: The provider wants to keep full control over their expensive server hardware and the customer may want to process sensitive data inside their virtual machine that neither the provider nor other customers are allowed to see. As such, there are several attacker models to be considered in this context, both customers and hosting providers wanting to take control over other virtual machines or the physical server itself. In this paper, we consider attacks for each of the attacker models, as well as possible mitigations. In the end, we will find that while preventing VM escapes only really depends on having secure hypervisor implementations, efforts to protect the VM from the host itself are still rather flawed.
Inhaltsverzeichnis (Table of Contents)
- Introduction
- Virtualization Techniques
- Bare-Metal Virtualization (Type I)
- Hosted Virtualization (Type II)
- Attacker Models
- Guest VM User
Zielsetzung und Themenschwerpunkte (Objectives and Key Themes)
This paper aims to explore security issues associated with hardware virtualization, a key technology behind the rise of cloud computing. The primary focus is on understanding the potential vulnerabilities and threats that arise in the context of isolating different virtual machines running on the same physical host. The paper explores various attacker models and their implications for the security of virtualized environments.
- Security vulnerabilities in hardware virtualization
- Attacker models and their implications
- Mitigation strategies for VM isolation
- The role of hypervisors in securing virtualized environments
- The impact of side-channels on virtual machine security
Zusammenfassung der Kapitel (Chapter Summaries)
- Introduction: This chapter provides an overview of the widespread adoption of cloud computing and the importance of hardware virtualization in this context. The chapter highlights the need for secure isolation between virtual machines and the physical host, particularly given the potential for distrust between service providers and customers.
- Virtualization Techniques: This chapter discusses the fundamental concepts of virtualization and introduces two primary types of hypervisors: bare-metal and hosted. It explores the advantages and disadvantages of each approach, highlighting their role in managing resources and ensuring isolation between virtual machines.
- Attacker Models: This chapter introduces various attacker models that might exploit vulnerabilities in virtualized environments. It focuses specifically on the Guest VM User model, where malicious users within a virtual machine attempt to break out of their isolation and gain control over other virtual machines or the physical host itself.
Schlüsselwörter (Keywords)
The main keywords and focus topics of this paper include hardware virtualization, VM escape, hypervisor, security vulnerabilities, attacker models, side-channels, and mitigation strategies. The paper explores the use of technologies like AMD SEV and Intel SGX in enhancing virtual machine security.
- Citar trabajo
- Samuel Hopstock (Autor), 2020, Security Issues in Hardware Virtualization, Múnich, GRIN Verlag, https://www.grin.com/document/933815
