Now that we are talking about the cloud, we also need to talk about virtualization. Virtualization technology plays a major role in system organization, reducing system operation costs and improving the efficiency, utilization, and flexibility of hardware resources. However, virtualization not only faces the existing security threats of traditional networks, but also the security problems that virtualization itself introduces.
But because of the resource partitioning and independence that virtualization provides, it also plays an important role in the construction of security policies.
Security threats of host virtualization
Theft and tampering of virtual machine information
This refers to the security threat introduced by vulnerabilities in the Hypervisor, because vulnerabilities in the Hypervisor itself are inevitable.
Do you remember the virtualized mail server or salary payment system? If you have administrator rights to the virtualized working environment, you can easily enter it and steal all of its data without leaving any traces. Stealing a physical server from a data center is very difficult, and the theft is easily discovered. A virtual machine, however, can be stolen over the network from any location, and it can easily be carried away by copying it onto a flash drive.
Virtual machine escape
Virtual machine escape refers to an attacker who already controls a VM using various security vulnerabilities to attack the Hypervisor. Typical cases: Blue Pill, CloudBurst.
Consequences of escape:
Install a Hypervisor-level backdoor;
Denial of service attack;
Steal data;
Control other VMs;
Rootkit attack
A rootkit is a special kind of malicious software. Its function is to hide itself and designated files, processes, network connections and other information on the target it is installed on. Rootkits are commonly used in conjunction with other malicious programs such as Trojan horses and backdoors. The three elements of a rootkit are: hiding, manipulating, and collecting data.
A rootkit itself does not affect the operation of the computer the way a virus or worm does. Attackers look for existing vulnerabilities on the target system, which may include open network ports, unpatched systems, or weak administrator passwords. After gaining access to the vulnerable system, the attacker can manually install a rootkit. This type of stealthy attack usually does not trigger automated network security controls such as intrusion detection systems.
Distributed Denial of Service Attack
Distributed Denial of Service (DDoS) attacks consume a large amount of network resources with a large number of legitimate requests in order to paralyze the network. This type of attack can be divided into the following types:
Interfere or even block normal network communication by overloading the network;
Overload the server by submitting a large number of requests to the server;
Block a user from accessing the server;
Block communication between a service and a specific system or individual.
Side channel attack
When a chip is running, its internal transistors behave differently depending on the data or logic being processed. Using this difference to determine the data or instructions inside the program is a side channel attack. There are many ways to observe this difference, such as measuring the voltage at the GND pin of the chip or using probes to capture changes in the chip's radiation.
Side channel attacks have also been used against smart hardware in recent years. For example, in 2016, someone used SPA (another side channel attack method) to attack a smart safe. In fact, side channel attacks are very effective against encryption in devices that perform a single operation and run at a low clock frequency (the low clock frequency is very important).
Host virtualization security solutions
Virtualized security defense architecture
As part of the overall virtualization security architecture, IT departments should focus on three virtualization aspects:
Separate virtual machines by location;
Separate virtual machines according to service types;
Implement predictive security management throughout the life cycle of virtual machines;
These three aspects will help IT departments protect their virtual infrastructure against current threats and mitigate future attacks.
Hypervisor security mechanism
At present, mainstream virtualization software such as Xen, VMware, and KVM all have security vulnerabilities, which are mainly reflected in the following three aspects. First, as Hypervisor functions increase, the amount of code also increases, which to a certain extent increases the number of security vulnerabilities. Second is the credibility of the Hypervisor itself: malicious attackers may execute malicious software in the Hypervisor, destroying its integrity. Third is the defensive capability of the Hypervisor: if physical resources or access policies in the Hypervisor are configured unreasonably, the security of the Hypervisor is greatly reduced.
Own security: build a lightweight Hypervisor with a smaller TCB (Trusted Computing Base); integrity protection based on trusted computing technology.
Improve Hypervisor defense capabilities: virtual firewall; reasonable allocation of host resources; protection of remote console security (limit the number of connections to 1, prohibit copying and pasting); assign permissions as needed (assign roles first, with no permissions, then determine what permissions the user needs, and then grant them).
Virtual machine isolation mechanism
Security isolation model: hardware-assisted secure memory management (SMM); hardware-assisted secure I/O management (SIOM);
Access control model: sHype, Shamon;
Virtual Trusted Computing Technology
Through the isolation and monitoring mechanisms provided by the virtual machine monitor, the theoretical difficulties of dynamically measuring software trustworthiness can be alleviated, and a set of solutions can be provided for establishing a trusted computing environment at the operating system and application software layers. The main idea is to separate the physical execution space through the isolation mechanism provided by virtualization, dynamically measure the behavior of entities through the monitoring mechanism, and discover and eliminate unexpected mutual interference. The main difficulty is to refine the isolation granularity, reduce system overhead, and improve measurement efficiency.
Through the trusted measurement, trusted storage and trusted reporting mechanisms provided by trusted computing, the computing environment of the terminal is purified, trusted connections between terminals are established, and a virtual space of honesty and mutual trust is constructed. The main idea is to ensure the dynamic integrity of virtual machines through the trusted measurement mechanism, achieve trusted intercommunication between different virtual environments through the trusted reporting mechanism, and secure data migration, storage, and access control through the trusted storage mechanism. On the one hand, trusted computing technology is used to ensure the security of virtual machines; on the other hand, integrating trusted computing into application services based on virtual machine technology, such as cloud computing, provides better security support for upper-layer services.
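The measurement and reporting mechanisms described above, as an added example that is not part of the original article: a hash-chained measurement register in the style of a TPM PCR, with a verifier that replays the event log and compares it with known-good digests. The component names and contents are constructed placeholders, and SHA-256 is an assumed choice of hash.

```python
import hashlib

def extend(pcr, blob):
    """TPM-style extend: new = SHA-256(old || SHA-256(blob)). A register can
    only be extended, never set, so both content and order are captured."""
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()

def measure_chain(components):
    """Trusted measurement: hash each layer before it runs, keep an event log."""
    pcr, log = bytes(32), []
    for name, blob in components:
        pcr = extend(pcr, blob)
        log.append((name, hashlib.sha256(blob).hexdigest()))
    return pcr, log

def verify_report(reported_pcr, log, known_good):
    """Verifier side of a trusted report. Returns a list of problems:
    the log must replay to the reported register, and every logged digest
    must equal its known-good reference. (A real TPM also signs the report;
    signature checking is omitted here.)"""
    pcr = bytes(32)
    for _, digest in log:
        pcr = hashlib.sha256(pcr + bytes.fromhex(digest)).digest()
    if pcr != reported_pcr:
        return ["event log does not match reported register"]
    return [name for name, digest in log if known_good.get(name) != digest]

# Constructed sample boot chain; names and contents are placeholders.
CLEAN = [("firmware", b"fw-v1"), ("hypervisor", b"hv-v1"),
         ("guest-kernel", b"kernel-v1")]

def demo():
    clean_pcr, clean_log = measure_chain(CLEAN)
    known_good = dict(clean_log)
    # Same chain with the hypervisor image modified.
    tampered = [(n, b + b"+mod" if n == "hypervisor" else b) for n, b in CLEAN]
    bad_pcr, bad_log = measure_chain(tampered)
    return (verify_report(clean_pcr, clean_log, known_good),  # clean boot
            verify_report(bad_pcr, bad_log, known_good),      # honest log
            verify_report(bad_pcr, clean_log, known_good))    # forged log

if __name__ == "__main__":
    print(demo())
```

The third case shows why the register matters: substituting a clean-looking log does not help a modified hypervisor, because the log no longer replays to the reported value.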
Virtual machine security monitoring
Through the virtual security capabilities of a security resource pool, or by deploying virtual security capabilities in the tenant network, preventive security services are provided, including system vulnerability scans, configuration baseline verification, and web vulnerability scanning. As long as the security capabilities can reach the scanned target network, the configuration and vulnerabilities of tenant virtual machines can be scanned, and corresponding suggestions provided based on the scan results.
Internal monitoring: insert hook functions into the monitored virtual machine, which can directly intercept system-level semantics; typical representatives are Lares and SIM;
External monitoring: relies on interception by the Hypervisor and requires semantic reconstruction (reconstructing high-level semantics, such as operating-system-level semantics, from low-level semantics, such as binary semantics); a typical representative is Livewire.
Virtual machine introspection technology
Virtual machine introspection is a technology that obtains the internal state information of the guest virtual machine operating system from outside the virtual machine; that is, it monitors the running state of the virtual machine from outside it. This technology breaks the bottleneck of traditional security protection technology and has received extensive attention in the security field. Since it was proposed in 2003, virtual machine introspection has been studied by scholars at home and abroad. In recent years, not only have a variety of prototype systems appeared, but excellent development kits such as LibVMI have also emerged, along with more and more applications based on virtual machine introspection.
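The semantic reconstruction that external monitoring and introspection depend on, as an added example that is not part of the original article and does not use LibVMI: raw guest memory is parsed into process records, and the guest's own process list is compared with a signature sweep of memory to expose a record a rootkit has unlinked. The record layout, magic value and process names are hypothetical and constructed for the example.

```python
import struct

# Hypothetical guest layout, constructed for this example (not a real OS):
# task record = magic(4) | pid(u32) | name(16) | offset of next record(u64)
TASK = struct.Struct("<4sI16sQ")
MAGIC = b"TSK\x00"

def build_guest_memory():
    """Constructed guest RAM: four records; pid 666 is unlinked from the list."""
    mem = bytearray(1024)
    slots = {1: 0x040, 212: 0x0C0, 666: 0x180, 340: 0x240}   # pid -> offset
    names = {1: b"init", 212: b"sshd", 666: b"hidden", 340: b"mailsrv"}
    nxt = {1: 212, 212: 340, 340: 1, 666: 340}  # list skips 666: 212 -> 340
    for pid, off in slots.items():
        TASK.pack_into(mem, off, MAGIC, pid, names[pid], slots[nxt[pid]])
    return bytes(mem), slots[1]                 # memory image, list head

def read_task(mem, off):
    """Semantic reconstruction: raw bytes at an offset -> (pid, name, next)."""
    magic, pid, name, nxt = TASK.unpack_from(mem, off)
    if magic != MAGIC:
        raise ValueError(f"no task record at {off:#x}")
    return pid, name.rstrip(b"\x00").decode(), nxt

def walk_task_list(mem, head):
    """View 1: follow the guest's own linked list until it loops back."""
    tasks, visited, off = {}, set(), head
    while off not in visited:
        visited.add(off)
        pid, name, off = read_task(mem, off)
        tasks[pid] = name
    return tasks

def scan_memory(mem):
    """View 2: sweep all of memory for record signatures, ignoring pointers."""
    tasks, pos = {}, mem.find(MAGIC)
    while pos != -1 and pos + TASK.size <= len(mem):
        pid, name, _ = read_task(mem, pos)
        tasks[pid] = name
        pos = mem.find(MAGIC, pos + 1)
    return tasks

def hidden_tasks(mem, head):
    """Cross-view check: records present in memory but absent from the list."""
    listed = walk_task_list(mem, head)
    return {p: n for p, n in scan_memory(mem).items() if p not in listed}

if __name__ == "__main__":
    print("hidden:", hidden_tasks(*build_guest_memory()))
```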
The concept of virtualization originated in the 1960s. Virtualization technology can run multiple operating systems on a server. The original intention was to make fuller use of expensive mainframes. After half a century of development, virtualization technology has become a traditional technology in the computer field, and it has become the core technology of cloud computing. From virtualization to cloud computing, the IT industry has realized the dynamic scheduling of cross-regional resources. It can be said that virtualization technology has laid a good foundation for cloud computing. However, with the widespread application of cloud computing, the security of virtualization technology as its core technology has also become the focus of attention in the industry. In order to effectively guarantee the security of the virtualized environment, it is necessary to deeply understand the hidden security risks of virtualization, master the principles of virtualization security attacks, and deploy targeted security mechanisms to resist security threats.