Critical Analysis on Detection and Mitigation of Security Vulnerabilities in Virtualization Data Centers
Main Article Content
Abstract
There is an increasing demand for IT resources in growing business enterprises. Data center virtualization helps to meet this increasing demand by driving higher server utilization and utilizing un-used CPU cycles without causes much increase in new servers. Reduction in infrastructure complexities, Optimization of cost of IT system management, power and cooling are some of the additional benefits of virtualization. Virtualization also brings various security vulnerabilities. They are prone to attacks like hyperjacking, intrusion, data thefts, denial of service attacks on virtualized servers and web facing applications etc. This works identifies the security challenges in virtualization. A critical analysis on existing state of art works on detection and mitigation of various vulnerabilities is presented. The aim is to identify the open issues and propose prospective solutions in brief for these open issues.
Article Details
References
M. Klymash, O. Shpur, O. Lavriv and N. Peleh, "Information Security in Virtualized Data Center Network," 2019 3rd International Conference on Advanced Information and Communications Technologies (AICT), 2019, pp. 419-422.
Z. Hu, S. Gnatyuk, V. Gnatyuk and S. Bondarovets, "Anomaly Detection System in Secure Cloud Computing Environment", International Journal of Computer Network and Information Security, pp. 10-21, 2017.
F. Palmieri, S. Ricciardi, U. Fiore, M. Ficco and A. Castiglione, "Energy-oriented denial of service attacks: an emerging menace for large cloud infrastructures", Journal of Supercomputing, pp. 1620-1641, 2015.
Jia, Hefei & Liu, Xu & Di, Xiaoqiang & Qi, Hui & Ligang, Cong & Li, Jinqing & Yang, Huamin. (2019). Security Strategy for Virtual Machine Allocation in Cloud Computing. Procedia Computer Science. 147. 140- 144. 10.1016/j.procs.2019.01.204.
Y. Qiu, Q. Shen, Y. Luo, C. Li, and Z. Wu. (2017) “A secure virtual machine deployment strategy to reduce co- residency in Cloud.” IEEE TrustcomBigDataSEICESS : 347–354.
S. Jin, J. Seol, J. Huh, and S. Maeng, “Hardware-assisted secure resource accounting under a vulnerable hypervisor,” ACM SIGPLAN Notices, vol. 50, no. 7, pp. 201–213, 2015
Nikhilesh Singh and Chester Rebeiro,"LEASH: Enhancing Micro-architectural Attack Detection with a Reactive Process Scheduler",arXiv,2021
Shih-Wei Li, John S. Koh, and Jason Nieh. 2019. Protecting cloud virtual machines from commodity hypervisor and host operating system exploits. In Proceedings of the 28th USENIX Conference on Security Symposium (SEC'19). USENIX Association, USA, 1357–1374.
Y. Wu, Y. Liu, R. Liu, H. Chen, B. Zang, and H. Guan. Comprehensive VM Protection Against Untrusted Hypervisor Through Retrofitted AMD Memory Encryption. In 2018 IEEE International Symposium on High Performance Computer Architecture (HPCA 2018), pages 441-453, Vienna, Austria, Feb. 2018
Inokuchi, K., Kourai, K. Secure VM management with strong user binding in semi-trusted clouds. J Cloud Comp 9, 3 (2020)
Zhu M, Tu B, Wei W, Meng D (2017) HA-VMSI: A Lightweight Virtual Machine Isolation Approach with Commodity Hardware for ARM In: Proceedings of the 13th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, 242–256.
Tadokoro H, Kourai K, Chiba S (2012) Preventing Information Leakage from Virtual Machines’ Memory in IaaS Clouds. IPSJ Online Trans 5:156–166
Li C, Raghunathan A, Jha NK (2012) A Trusted Virtual Machine in an Untrusted Management Environment. IEEE Trans Serv Comput 5(4):472–483
Kourai K, Kajiwara T (2015) Secure Out-of-band Remote Management Using Encrypted Virtual Serial Consoles in IaaS Clouds In: Proceedings of International Conference on Trust, Security and Privacy in Computing and Communications, 443–450
Miyama S, Kourai K (2017) Secure IDS Offloading with Nested Virtualization and Deep VM Introspection In: Proceedings of European Symposium on Research in Computer Security, 305–323
Li, Shih-Wei & Li, Xupeng & Gu, Ronghui & Nieh, Jason & Hui, John. (2021). A Secure and Formally Verified Linux KVM Hypervisor. 10.1109/SP40001.2021.00049.
Kolesnikova, Svetlana. (2016). Evaluation of Hypervisor Stability towards Insider Attacks. JOURNAL OF ELECTRONIC SCIENCE AND TECHNOLOGY. 14. 10.11989/JEST.1674-862X.510022.
Dinh Ngoc Tu, Boris Teabe Djomgwe, Alain Tchana, Gilles Muller, Daniel Hagimont. Mitigating vulnerability windows with hypervisor transplant. EuroSys 2021 - European Conference on Computer Systems, Apr 2021, Edinburgh / Virtual, United Kingdom. pp.1-14
Wu, Jiang & Lei, Zhou & Chen, Shengbo & Shen, Wenfeng. (2017). An Access Control Model for Preventing Virtual Machine Escape Attack. Future Internet. 9. 20. 10.3390/fi9020020.
Nathiya, T.; Suseendran, G. An Effective Hybrid Intrusion Detection System for Use in Security Monitoring in the Virtual Network Layer of Cloud Computing Technology. In Data Management, Analytics and Innovation. Advances in Intelligent Systems and Computing; Balas, V., Sharma, N., Chakrabarti, A., Eds.; Springer: Singapore, 2019; Volume 839.
Pan, W.; Zhang, Y.; Yu, M.; Jing, J. Improving virtualization security by splitting hypervisor into smaller components. In IFIP Annual Conference on Data and Applications Security and Privacy, Paris, France, 11–13 July 2012. Lecture Notes in Computer Science (including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Springer Nature: Basel, Switzerland, 2012; Volume 7371, pp. 298–313.
A. Saeed, P. Garraghan, B. Craggs, D. v. d. Linden, A. Rashid and S. A. Hussain, "A Cross-Virtual Machine Network Channel Attack via Mirroring and TAP Impersonation," 2018 IEEE 11th International Conference on Cloud Computing (CLOUD), 2018, pp. 606-613
M. S. Dildar, N. Khan, J. B. Abdullah and A. S. Khan, "Effective way to defend the hypervisor attacks in cloud computing," 2017 2nd International Conference on Anti-Cyber Crimes (ICACC), 2017, pp. 154-159