M886 Papers Flashcards
Virtualization security
Ray, E. and Schultz, E. (2009). Virtualization security. In Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Virtualization: Issues, security threats, and solutions
Pearce, M., Zeadally, S., and Hunt, R. (2013). Virtualization: Issues, security threats, and solutions. ACM Computing Surveys
Virtualization security Summary
Ray et al. start by recounting the roots of virtualization. The next section describes three types of virtualization:
- Storage
- Network
- Server
These seem to be the only ones recognised by the authors.
The paper then describes the benefits of virtualisation through efficiency, functionality, continuity and security. The authors then describe related security risks and give examples for each one.
Ray et al. suggest that all organisations should address a list of questions before deployment, questions related to:
- Where and how
- Policies on management and usage
- Risk awareness and mitigation
The paper suggested that the listed security issues need addressing through selected security controls. The main issues are:
- New attack vector
- Reduced separation of duties
- Integrity of backups
- Increased complexity of assets to be secured
The paper also lists asset types that will need to be secured:
- VM OSs
- VM Networks
- VM Kernel
- VM traffic
- VM Console OSs
- VM Deployment
- VM Backups
- VM Data
Virtualization: Issues, security threats, and solutions Summary
The authors start with a review of the evolution of virtualisation, followed by an explanation of the concepts and motivations behind it. Pearce et al. cover the implications of virtualisation before listing its types, related properties and methods. The authors consider the System and Network types to be the most important ones. Storage, Application and Desktop types are mentioned but, as delivery methodologies and models of virtualised services, are not considered in scope for this paper.
The third chapter of the paper describes the system virtualisation architecture, its key components, data flows and entry points (high-level, control and network).
The next two chapters expand on virtualisation properties, and how they relate to security:
- Isolation/Improved Confidentiality
- Oversight/Integrity
- Duplication/Availability
It’s also mentioned how those properties relate to the motivations behind the usage of virtualisation in security. How threat modelling works in relation to virtualisation is also covered, describing its cycle as an entry point of Vision, leading to the cycle: Diagram; Identify threats; Mitigate; Validate. These lead to a simplified taxonomy describing the groups When, Where, What and How for when changes can occur on VM architectures and how its properties are affected.
Before making recommendations on how to improve security on virtualising implementations, Pearce et al. dissect the security implications of strong and weak implementations of the requirements and properties that define virtualised systems. Those are Efficiency, Resource Control and Equivalence, and even strong implementations both enhance and compromise security. The recommendations made for improving security cover:
- Rollout planning
- Hardening of systems
- Threat prevention
- Vulnerability detection
- Intrusion detection
- Prevention measures
- Recovery measures
- Protection measures
Whilst it is essential for your examination answer to summarise the papers you have read, it is more important to consider and discuss the issues and implications which arise for the management (i.e. policy and practice) of information security.
Ray et al.: very light, good for making aware.
Pearce et al.: dense, very detailed. Good for implementation.