Archive for July 3rd, 2010

Virtualisation Security – The How To Guide – Part 1

OVERVIEW

A series of security research projects has been carried out to gain insight into the vulnerabilities of platform-specific virtualization technologies and the related hosting of one operating system in another environment. Arguably less research has focused on resource-specific virtualization issues and the allocation of specific system resources (e.g. storage and memory areas, name spaces, etc.). The race to discover undisclosed security vulnerabilities and software bugs in popular platform virtualization environments (especially those from VMware Inc.) has led to a situation in which virtualized physical resources have largely been dropped from the collective consideration of security research. In this series of six independent technical articles from Orthus we present a survey of much of the platform-focused research already undertaken, and of what distinguishes the resource-specific issues and considerations from it. As a growing number of companies, including those running critical national security infrastructure and related industrial control systems, adopt virtualized resource technologies, the risk increases, and it is crucially important that security research efforts concentrate on these technologies.

Virtual Reality

Many modern computing environments are powerful enough to drive the adoption of platform virtualization technology, which facilitates the use of virtual machine instances that each run and support a separate operating system. Depending on the application requirements (and the hardware and software vendors selected to facilitate such operations), a platform-specific virtualized environment can consist of some (or all) of the following components: virtual machine instances, guest and host operating systems, the virtual machine monitor (VMM), the virtual machine environment (VME) itself, and the hardware. A variety of protection mechanisms may also be in use, from the hypervisor to appliances. As discussed in the abstract, a considerable amount of focused security research has been done on platform virtualization technologies; however, at the time of writing, little attention has been paid to resource virtualization. This does not mean that these technologies go without researchers' attention because they are rarely used. The use of virtualized resources is a growing trend, and they are in operation in many computing environments, including the financial, government, healthcare and military sectors. In addition, popular providers of SCADA systems and software, Wonderware and PROCSYS, allow their technologies to be scaled and deployed within virtual resources. A number of specific business drivers may lie behind the decision to deploy virtualized resources, but it is a common misconception that the use of such assets will lead to increased productivity and lower costs. Regardless of deployment drivers, the use of virtualized resources and a move away from the idea of network-based computing models (e.g. the computer on the network and the network at its best when distributed) is a growing trend that has arguably received little attention from security professionals to date. Most technical and commercial personnel in enterprise environments understand the difficulties of securing distributed environments, but the ugly truth remains that, for virtualized resources, the scale and impact of security threats has yet to be fully understood and is rarely addressed.

Security in virtualized environments

Before discussing the threats and vulnerabilities that face virtualized technologies (whether platform- or resource-specific), the elements that make up a secure environment should first be analyzed. Virtualized technologies arguably have a number of different elements that must exist for them to be classified as secure. A number of researchers have turned their attention to defining these, notably Reiner Sailer et al. of IBM in the paper "sHype: Secure hypervisor approach to trusted virtualized systems" [i]. Sailer et al. define a number of security objectives as forming secure virtualized environments, namely: strong isolation between multiple partitions; controlled sharing (communication and cooperation) between partitions; platform and partition content integrity guarantees; platform and partition content attestation; resource accounting and control; and secure services (e.g. auditing).

These items are an excellent starting point; however, they disregard a number of important requirements from a security perspective. Although Sailer et al. recognize the need for isolation and separation between virtual machine partitions, this should arguably also apply to processes and users. From a security perspective, it is also essential to enforce controlled sharing not only of partitions, but also of the resources they may access (e.g. memory). In addition, although the need for auditing is recognized, the value of virtualization lies in its inherent flexibility, and this too should be considered, especially with regard to secure and scalable implementations. Regardless of the theory of what makes a secure virtual machine environment, the reality remains that many current environments are nothing of the sort.
A number of security research groups and individuals have explored bypassing the security restrictions within virtual machine environments and, as noted in the summary of this paper, this has clearly proved to be fertile territory. A number of security vulnerabilities in products from VMware Inc. have been published in recent years, and this is a trend that is likely to continue. The VMware product suite (e.g. VMware Server, VMware Player, VMware Workstation, etc.), or parts thereof, is widely used in many environments, primarily because it is relatively cheap to acquire. Regardless of the individual vendor, however, platform-specific virtualization vulnerabilities can be roughly divided into three broad groups, namely: virtual machine / virtual machine environment detection / Environmental classified Virtual machine handle / environmental destruction

Next time …

In our next article, the second of six, we will examine how the first of these j

Notes

[i] sHype: Secure hypervisor approach to trusted virtualized systems, Reiner Sailer, Enriquillo Valdez, Trent Jaeger, Roland Perez, Leendert van Doorn, John Linwood Griffin, Stefan Berger. IBM Research Division. February 2005. http://domino.watson.ibm.com/library/cyberdig.nsf/papers/265C8E3A6F95CA8D85256FA1005CBF0F/$File/rc23511.pdf

