Security Issues in Virtualization Environment: R. Anand, S. Sarswathi and R. Regan
[Figure: layers labelled VA/VAA, VM, HYPERVISOR and PHYSICAL MACHINE]
is managed by the administrator. As discussed earlier, the task of creating a virtual machine is made easier. With the increasing growth of VMs in a single physical machine, security issues among them increase proportionately with respect to resources and administrator. Each virtual machine should be assigned an administrator who is responsible for managing and controlling its task. Every virtual machine contains separate admin control. The admin has a list of approved written policies, procedures and standards for the virtual machines and applications, such that it provides an access control mechanism, and identification and authentication to access the virtual machine and virtual applications. The admin also restricts the non-repudiation of application access, thereby protecting the virtual environment.

A VM consists of a virtual application in order to maximize the performance of the application, and makes the appliance smaller and possibly more secure. In this context, virtual machines have virtual applications which provide data security, virtualization, and virtual privacy among these virtual applications. The client machines and other PDAs depend on the VM in order to access the virtual application in a virtual infrastructure. The administrator of the VM restricts the client's access to the application in a variety of ways.

Virtual privacy is provided among the client machines so that any client is secure from any other client machine. By means of virtual security, one virtual machine is isolated from the other virtual machines that run in the general operating systems of a physical machine. Virtual security is also provided among the virtual applications. The ultimate goal of the virtualization administrator is to secure the entire virtual environment.

The compromise of the virtualization layer (virtual machine monitor or hypervisor) that exists between the physical machine and the virtual machine leads to compromise of all hosted workloads and their security. In this situation the virtualization layer is vulnerable and can easily be affected by threats, thereby decreasing the security of the whole virtual environment.

For efficiency in communication between VMs, most virtualization platforms include the ability to create software-based virtual networks and switches inside the physical host to enable VMs to communicate directly. This traffic will not be visible to network-based security protection devices. Existing security mechanisms may not coincide with the virtual environment, hence the virtual environment is insecure.

IV. SECURING ALL ELEMENTS OF VIRTUAL ENVIRONMENT AND MAINTAINING SECURITY

The security of a virtualization solution is heavily dependent on the individual security of each component, from the hypervisor and host OS to guest OSs, applications and storage. Sound security practices must be established, such as keeping software up to date with security patches, using secure configuration baselines, and using antivirus software or other appropriate mechanisms to detect or stop attacks.

V. RESTRICTING AND PROTECTING ADMINISTRATOR ACCESS TO THE VIRTUALIZATION SOLUTION

The security of the entire virtual infrastructure relies on the security of the virtualization management system that controls the hypervisor and allows the operator to create new guest OSs and perform other administrative actions. Some virtualization products offer multiple ways to manage hypervisors; each management interface should be secured, whether locally or remotely accessible. For remote administration, the confidentiality of communications should be protected.
2012 International Conference on Radar, Communication and Computing (ICRCC)
VI. ENSURING THE HYPERVISOR IS PROPERLY SECURED

Securing a hypervisor involves actions that are standard for any type of software, such as installing updates as they become available. Other recommended actions include disabling unused virtual hardware and file sharing, and considering using the hypervisor's capabilities to monitor the security of each guest OS running within it, as well as the security activities occurring between guest operating systems. The hypervisor also needs to be carefully monitored for signs of compromise.

[Figure: a client machine connected to several virtual OS instances]
Fig. 2. Client accessing number of virtual OS simultaneously

Virtual applications accessed on-demand by the client in the virtual environment should have privacy, such that a client accessing a virtual application is private from the other clients in the virtual environment. If not, information migrates from one client to another client in the same virtual environment, which leads to data insecurity. The data is insecure in such a case if there is no privacy among the virtual applications and the client. This is not an issue in the case of a physical environment, where every application and the clients are isolated from each other.

When virtual applications access information from the database server, the data from the server becomes inconsistent because of the several operations performed by the client.

When the operating system is provided as a service, several issues arise compared with when the applications are accessed on-demand. For example, when there are multiple OS requests by the clients simultaneously, the server slows down.

VII. CONCLUSION

An issue faced by the virtual machines in a virtual environment has been dealt with. It is clear that several issues arise in a virtual environment rather than in a physical environment, right from resource allocation to OS access. The server slowdown caused by the number of OSs accessed by different clients can be avoided by making parallel OS requests. Solutions for all the issues that have been discussed in this paper should therefore be taken into consideration for virtual access. Virtual privacy and virtual security should be provided in the virtual environment in order to overcome all the issues defined above. Virtual privacy between the virtual machines in a virtual environment isolates one machine from another, thereby securing each VM in the VE.
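
The Section VI advice to disable unused virtual hardware and file sharing, checked against a secure configuration baseline as Section IV recommends, can be automated. The following is an added example, not code from the paper: it assumes libvirt-style domain XML (the paper names no hypervisor product), and the sample guest definition, `BASELINE_ALLOWED` and `audit_domain` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample guest definition in libvirt domain XML (assumption: the
# paper names no product; libvirt's format is used only for illustration).
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>guest-web01</name>
  <devices>
    <disk type='file' device='disk'><source file='/images/web01.qcow2'/></disk>
    <disk type='file' device='cdrom'><target dev='sda' bus='sata'/></disk>
    <disk type='file' device='floppy'><target dev='fda' bus='fdc'/></disk>
    <filesystem type='mount'><source dir='/srv/share'/><target dir='share'/></filesystem>
    <interface type='network'><source network='default'/></interface>
    <sound model='ich9'/>
    <serial type='pty'/>
  </devices>
</domain>"""

# Hypothetical baseline: device elements a guest may carry without review.
BASELINE_ALLOWED = {"disk", "interface", "controller", "graphics", "video",
                    "input", "console", "memballoon", "emulator"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

def audit_domain(xml_text, allowed=BASELINE_ALLOWED):
    """Return (severity, device, detail) findings, most severe first."""
    root = ET.fromstring(xml_text)
    findings = []
    for dev in root.findall("devices/*"):
        if dev.tag == "filesystem":
            # Host directory exported into the guest: the "file sharing" case.
            src = dev.find("source")
            path = src.get("dir", "?") if src is not None else "?"
            findings.append(("high", "filesystem", f"host dir {path} shared"))
        elif dev.tag == "disk":
            kind = dev.get("device", "disk")
            if kind == "floppy":
                findings.append(("medium", "floppy", "legacy drive attached"))
            elif kind == "cdrom" and dev.find("source") is None:
                findings.append(("low", "cdrom", "drive attached with no media"))
        elif dev.tag not in allowed:
            findings.append(("medium", dev.tag, "device not in baseline"))
    # sorted() is stable, so findings of equal severity keep document order.
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])

if __name__ == "__main__":
    name = ET.fromstring(SAMPLE_DOMAIN_XML).findtext("name")
    for severity, device, detail in audit_domain(SAMPLE_DOMAIN_XML):
        print(f"{name}: [{severity}] {device}: {detail}")
```

Run it over definitions exported from your own hosts and tune the baseline set to the devices your guests actually need.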