An Overview: Security in Virtualization Technology

INTRODUCTION

Virtualization was first developed by IBM Corporation in 1960’s. At that time; virtualization technology has a capacity to run multiple operating systems on a host physical computer (Huang et al., 2012). The optimal server resources is used for improving the space and energy efficiency of data centers. Data center are the building blocks of IT business enterprises and it providing the capabilities of centralized repository for storage, management and networking (Uddin et al., 2012). Cloud computing typically begins with virtualization. It utilizes virtualization technologies to encapsulate collaborative manufacturing as service (Ding et al., 2012).

The vital goals are availability, confidentiality, data integrity, control and audit to achieve acceptable security. Availability means user can use the resource at any time, at any place. Confidentiality means keeping user data in secret manner and encrypted storage is another approach to improve the confidentiality. Data integrity means it is not lost or modify by any other unauthorized users. Audit means it look what happened in that environment. It can handle additional layer above the virtualized operation system hosted on VM to provide facilities to look what happened in the system (Zhou et al., 2010). Advantage of virtualization is flexibility, availability, scalability and security, cost, load balancing, resource allocation and isolation (Sahoo et al., 2010).

KVM can protect against the some attacks such as malicious (Root-kits), viruses and Trojans. XenServer has virtual network switching which provides data security in IT industries and delivering improved security for the business. VMware provide software based security and it secures the applications in the virtual data center and Microsoft also provides some security consolidation in virtualization (Zhang et al., 2011).

VIRTUALIZATION VENDORS

The major virtualization vendors provide different approaches to improve security for their platforms.

Security in KVM: KVM (Kernel-based Virtual Machine) is the best choice for virtualization technology and also gives trusted solution for implementing virtualized environment. KVM hypervisor is a full virtualization based on Linux operating system. Hypervisor equips with the security platforms and it has security tools. The KVM original source code is freely available. KVM hypervisor has Intrusion Detection System (IDS) and Accounting system. KVM is the best class performance for the enterprise workloads. It will manage more memory, processes and X86 Servers. KVM is the more efficient techniques in virtualization.

System security: KVM can protect against the many attacks such as Rootkit attack and Trojans. Some of the methods available in Rootkit Detection for securing the system are Detection recovery method and modifying the kernel code.

Root kit detection method: One of the kernel root kit is used to modify the parts of the kernel. It is more complicated because some of the security package is rely on kernel. By using the Root kit detection method, the difficulties are to be overcome:

Detection recovery method: This method detects the data statically or periodically in manner, which is only happened in Root kit attack. It is also detect dynamically allocated data or code based on memory protection mechanism and this method is more efficient than modifying the kernel code method (Zhang et al., 2011).

Security management in KVM: KVM-security management will protect against attacks and secure kernel based virtual machine environment by extending the feature of KVM security such as securing remote management and storage devices, it is also protect against the timing attacks in the cryptosystem which is also used to execute the cryptographic algorithm. Intrusion Detection System is used to prevent the Malware attacks such as Root-kit. The KVM security management is used to detect the unauthorized modification in the virtual machine. To disable the presence of a Root kit, it can follow some hiding techniques such as Modify Interrupt Handler, Modify Interrupt Descriptor Table and Modify Syscall Handler (Lombardi and di Pietro, 2010).

XenServer: XenServer has virtual network switching which provides data security in IT industries. XenServer contains Memory Access API, which permits the integration of third-party security services into the virtualized environments (Garber, 2012).

Client virtualization security: In client virtualization security, it based on virtual desktop technology and that organization enables to extend the security. They also maintain security and data access in the applications. Industry have some rules, policy and also have the license to protect all the data from theft and prevent data from the users, apply and implement data protection policies and protect the data from organizations and also enable self-service recovery for every users and also for the workers.

Centralize management and control policy: In XenClient, it provides a single, centralized management to manage multiple client machines and have control policies. Client virtualization security based on the virtual desktops and it run on the top. IT provides security policies on virtual desktops. IT industries can selectively reject the access such as USB storage devices, CD, DVD to prevent loss of data in secure environment. Centralized laptop management increases security and IT efficiency.

Protect enterprise data: The multiple virtual desktops that run on XenClient that are completely isolated and Malware spreading among virtual desktops is almost nonexistent risks. Remotely they use some policy to prevent the enterprise data. They protect the confidential information and value properties are not compromised in this process (Citrix Systems Inc., 2011).

Server virtualization security: Server virtualization security in XenServer environment is more efficient and having some profiles to improve security. Three types of profiles are used in Citrix presentation server/terminal server environment (Wang et al., 2011):

Roaming profiles: It is easy to setup, concept is simple and all user changes are observed and hold in this profile.

Mandatory profiles: This profile is simple to manage, loading is fast without corruptions.

Hybrid profiles: User changes can be observed as required and loading is fast with a greatly reduced chance of corruptions in this profile.

VMware: The largest virtualization vendor is VMware. It provides a software-based security, hypervisor-based firewall and also provides VM-traffic monitoring, security policy management, logging and auditing services.

The software-based security architecture called VShield and it provides several components. VShield App secures the applications in the virtual data center against network-based threats. VShield Edge protects the virtual data center’s areas. VShield Endpoint off-loads some antivirus and anti-Malware functions to a security VM and removes the use of agents and thereby avoiding antivirus storms. A security management framework gives VShield products and VShield Manager communicates with management consoles that determines when and how to apply applications such as firewalls and antivirus scanners. VShield zones provides basic firewalling of traffic between VMs and traffic are analysed based on some constraints such as source and destination IP address and protocols. Third-party security vendors can support VShield and works only with VMware’s virtual infrastructures (Garber, 2012).

Security advantages of VMware:

Microsoft: Microsoft doesn’t have a wide virtualization security framework. It has build architectural features that promote security. The features include isolation between virtual partitions. VM runs in its own processes and it also has own hypervisor resources. VMs can’t communicate with one another except traditional networking and can’t affect the contents of the host system, the hypervisor, or other VMs.

In Microsoft virtualization, centralized management is there around that it has server virtualization, presentation virtualization, Application virtualization and Desktop virtualization.

Server virtualization: In this virtualization want to focus on two areas ,one is securing the host area and other is securing the guest area, for that first want to understand the attack surface and secure virtual hard disk files. Other administration roles are Host, Network and Virtual machine ownership. For securing the guest we want to follow these things-Don’t allocate over resources, Dispose unwanted storage devices, Give support for host time synchronization, Place the virtual machines of a same trust level on the same physical computer, Delete compromised high-security virtual hard disk files, manage the guest like any other physical server.

Presentation virtualization: In this virtualization the security considerations are to implement a single sign-on solution, Separate user to state the data, Testing the applications before present to end users, encrypt/sign the remote connection, set standardize settings across multiple servers in the environment, Manage the device redirection and Implement printer driver redirection.

Application virtualization: Some of the security considerations in the application virtualization are stream applications using encryption protocols such as RTSPS or HTTPS, secure package storage location, manage the application configuration if it physically installed.

Desktop virtualization: Security considerations in the virtualization are implementing a managed solution for non technical users and manage the guest like any other physical desktop.