Virtualization and Security – Part 1*
Virtualization is a major trend in the IT arena. There are many reasons to use virtualization, including consolidation of computing resources, dynamic load balancing, failover capabilities, ability to perform maintenance without downtime, ability to pool computing resources, ability to use custom virtual machines (VMs) as a container for application delivery, and much more. Virtualization will be a major part of computing for a very long time.
Virtualization’s benefits go far beyond efficiency, functionality and continuity, however, in that virtualization also offers much for information security. VMs can be used to isolate processes from attackers and malware, making systems and applications more difficult to successfully attack or infect. User access to applications can be tightly controlled in that virtualization allows special applications to be isolated from end-user applications, making unauthorized access to the former very difficult. Even if a system or application that runs in a virtualized environment is successfully attacked, any impact resulting from the attack is almost always attenuated. The ability to spread attacks (particularly due to malware-based infections) is thereby reduced.
A good example of the usefulness of virtualization in the information security arena is the way Java applets run in a “sandbox” environment in the Java VM. The sandbox restricts capabilities such as reading or writing to files on each local computer, starting or calling programs on each local computer, and obtaining network connectivity to the same computer from which applets have been loaded.
Invariably, however, nothing is perfect, and security in virtualized environments is no exception. “Hyperjacking,” in which an attacker crafts and then runs an ultra-thin hypervisor that takes complete control of the underlying operating system, can occur. Additionally, even in virtualized environments it is possible to steal data from layer 2 traffic by configuring a network interface card such that it runs in promiscuous mode. Furthermore, virtualized environments typically are characterized by great diversity, something that can interfere with IT standardization and compliance efforts.
Consider, for example, virtualization in the Java applet environment. Although Java applets are typically run as part of a web page, they can be downloaded and then run locally as a file without being subject to the sandbox’s restrictions. The sandbox does not always function as intended, either. Applets can, for example, send information from computers on which they execute to other network-connected systems, thereby substantially raising the risk of unauthorized disclosure or theft of stored data and programs.
The “bottom line” is that from an information security perspective, virtualization is a two-edged sword. Virtualization should not be viewed as a security panacea, nor should it be viewed as an opened Pandora’s box. At the same time, it behooves information security professionals not only to thoroughly understand virtualization and its advantages and disadvantages from a security viewpoint, but also to keep up with changes in virtualization, both those that have occurred in the past and those that will undoubtedly continue to occur in the future.
* Steve Orrin of Intel deserves credit for many of the ideas in this blog entry.