August 2, 2012 | Written by: Chenta Lee
Share this post:
Virtualization technology brings a new order of security complexity to the world. All traditional threats could apply to virtual machines (VMs); because of the new complexity introduced, several new types of vulnerabilities emerge from the virtual world.
We can classify the new vulnerabilities by the functionality of each component in a virtual infrastructure:
- Management console vulnerabilityUsers can control virtual machines remotely by running management programs on their own machine or by using web applications provided by the host. Any vulnerability exposed by the management program or web application could open a backdoor in the host, which is usually the easiest way to break into your environment.
- Management server vulnerabilityAn infrastructure as a service (IaaS) solution usually has a centralized management server to control every host in the environment. Any security breaches on the server will bring high risk to your environment.
- Administrative virtual machine vulnerabilityThe administrative virtual machine running on the host might gain full control of every virtual machine. For example, an administrative VM might have the root password to control the hypervisor to provision the VM automatically. In some designs, this kind of vulnerability is equivalent to the hypervisor vulnerability.
A compromised hypervisor can affect all guest VMs because it can introspect every CPU instruction running on guest VMs and also monitor the content in virtual memory. A breach in the hypervisor is equivalent to the exposure of private data stored in guest VMs. The vulnerability in the hypervisor can cause VM escaping; it will completely violate the isolation among virtual machines. A guest VM might be able to control another VM and even control the hypervisor itself. Attackers can even secretly move your guest VM to a compromised hypervisor and users will never notice it.
If you treat your hypervisor as a traditional server running some services, you are actually facing a server running hundreds of services and having vulnerability from every operating system in the world. You definitely cannot protect this server using the old way.
People tend not to update OS patches or install security products on virtual machines, and administrators think they can always revert the guest virtual machine to a clean snapshot. In the end, they usually cannot keep track of all the snapshots and users do not allow them to do it. Plus, a virtual machine can migrate from host to host. This does not happen to physical machines, which makes virtual machines harder to track. In the good old days, a single physical machine could not form a botnet alone. Unfortunately, the same rule cannot apply to the virtual infrastructure. A single host can form a botnet easily, and because of the high-performance inter-VM communication, the virus can spread faster in the virtual world. Any compromised guest VM could be a starting place to attack the administrative VM, hypervisor, and other guest VMs.
If I were the attacker, I would start by attacking the management service because I could leverage the existing OS vulnerability to sneak into the server running those services. After I got control, I could access everything in their environment. It would be the most efficient way to compromise their infrastructure. The second approach I would try is to scan all the guest VMs running on the host to see if there are any back doors or any operating systems that weren’t patched waiting for me. After getting access to one of the guest VMs, I could use it to try every possible way to do VM escaping to get control from the hypervisor. Also, I could use that VM to attack other guest VMs and sniff (detect) network traffic from the virtual switch.
To sum up, efficiency is always followed by complexity, and flexibility always comes with management difficulties. Although we are amazed by this new technology, remember to think about security first. You need to start planning security solutions before constructing your virtual infrastructure. Otherwise, the dark side of the cloud will reveal itself faster than you could imagine.