Virtual Machine approach to Security虚拟机的安全性.pptVIP

Virtual Machine approach to Security Gautam Prasad and Sudeep Pradhan 10/05/2010 CS 239 UCLA Virtual Machine and Virtual Infrastructure A virtual machine is a tightly isolated software container that can run its own operating systems and applications as if it were a physical computer. A virtual infrastructure lets you share your physical resources of multiple machines across your entire infrastructure. In a virtual Infrastructure, many virtual machines interact with each other, are created and destroyed dynamically and move from one physical hardware to another seamlessly. We call the physical system which provides virtualization as Host. Virtual Machine and its Operating system is called the guest. Properties of Virtual Infrastructure Decouples software environment from its underlying hardware infrastructure so one can aggregate multiple servers, storage infrastructure and networks into shared pools of resources. (Scaling, Mobility) Virtual Machines can be deployed on an ad hoc basis, and destroyed when their purpose is served. (Transience, Diversity) Virtual machines can be provisioned using a template, thus 100s of VMs can be spawned in a short time.(Scaling, Diversity, Lifecycle) State of the virtual machine (or a group of virtual machines) can be check-pointed and reverted whenever necessary.(Software Lifecycle, Data Lifetime) Resources in a virtual infrastructure can be scheduled dynamically for maintenance of part of the infrastructure. (Mobility) These properties of a Virtual Infrastructure makes it difficult to apply the traditional Computer security methods. Risks mentioned in Gartner Report on Virtualization Security Information Security Isnt Initially Involved in the Virtualization Projects A Compromise of the Virtualization Layer Could Result in the Compromise of All Hosted Workloads The Lack of Visibility and Controls on Internal Virtual Networks Created for VM-to-VM Communications Blinds Existing Security Policy Enforcement Mechanisms Workloads of