Skip to main content
SpringerLink
Log in

Virtual machine security challenges: case studies

  • Original Article
  • Published:
International Journal of Machine Learning and Cybernetics Aims and scope Submit manuscript

Abstract

Currently Virtual Machines (VMs) have many applications and their use is growing constantly as the hardware gets more powerful and usage more regulated allowing for scaling, monitoring, portability, security applications and many other uses. There are many types of virtualization techniques that can be employed on many levels from simple sandbox to full fledged streamlined managed access. While scaling, software lifecycles and diversity are just some of security challenges faced by VM developers the failure to properly implement those mechanisms may lead to VM escape, host access, denial of service and more. There are many exploits found in the last couple of years which were fixed on latest versions but some systems are still running them and vulnerable as presented, mostly to host based attacks and some have dramatic consequences.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11

Similar content being viewed by others

References

  1. Shroff A, Donthireddy VR—itlinfosys.com. Virtualization imperatives and performance. http://www.infosys.com/IT-services/application-services/white-papers/Documents/virtualization-imperatives-performance.pdf. Accessed 10 Feb 2013

  2. Reuben JS (2007) A survey on virtual machine security, TKK T-110.5290 seminar on network. http://www.tml.tkk.fi/Publications/C/25/papers/Reuben_final.pdf. Accessed 10 Feb 2013

  3. Rose R (2004) Survey of system virtualization techniques. http://citeseer.ist.psu.edu/720518.html. Accessed 10 Feb 2013

  4. Garfinkel T, Rosenblum M (2003) A virtual machine introspection based architecture for intrusion detection. In: Proc. Net. and Distributed Sys. Sec. Symp., Feb 2003

  5. Nellitheertha H—InfoSys.com (2006) Virtualization technologies, white paper. http://216.52.49.31/IT-services/infrastructure-services/white-papers/virtualization-technologies.pdf. Accessed 10 Feb 2013

  6. Reuben JS (2007) A survey on virtual machine security. Helsinki University of Technology. http://www.tml.tkk.fi/Publications/C/25/papers/Reuben_final.pdf. Accessed 10 Feb 2013

  7. Nakajima J, Mallick AK (2007) Hybrid-virtualization—enhanced virtualization for Linux. In: Proc. of the 2007 Linux Symposium, 2007. http://kernel.org/doc/ols/2007/ols2007v2-pages-87-96.pdf. Accessed 10 Feb 2013

  8. Menasc′e DA (2005) Virtualization: concepts, applications, and performance modeling. Int. CMG Conference, Orlando, Florida, USA, pp 407–414

  9. Marinescu D, Kröger R. State of the art in autonomic computing and virtualization. Technical report, Distributed Systems Lab, Wiesbaden University of Applied Sciences. http://wwwvs.cs.hs-rm.de/downloads/extern/pubs/techreports/STAR.pdf. Accessed 10 Feb 2013

  10. Cleeff AV, Pieters W, Wieringa R. Security implications of virtualization: a literature study. University of Twente. http://doc.utwente.nl/67484/1/Security_Implications_of_Virtualization.pdf. Accessed 10 Feb 2013

  11. Garfinkel T, Rosenblum M (2005) When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing Environments. Tenth Workshop on Hot Topics in Operating Systems (HotOS), June 2005

  12. Rehman A, Saba T (2012) Evaluation of artificial intelligent techniques to secure information in enterprises. Artif Intell Rev. doi:10.1007/s10462-012-9372-9

    Google Scholar 

  13. Higgins KJ (2007) Vm’s create potential risks. Technical report, dark READING. http://www.darkreading.com/document.asp?doc_id=117908. Accessed 10 Feb 2013

  14. Sailer R, Valdez E, Jaeger T, Perez R, van Doorn L, Griffin JL, Berger S (2005) sHype: secure hypervisor approach to trusted virtualized systems. IBM, Yorktown Heights NY, RC23511

  15. Ferrie P (2007) Attacks on virtual machine emulators. Symantec Advanced Threat Research

  16. King ST, Chen PM (2006) SubVirt: implementing malware with virtual machines. University of Michigan, Ann Arbor

    Google Scholar 

  17. GOODFELLAS Security Research TEAM (2007) [http://goodfellas.shellcode.com.ar]. VmWare Inc version 6.0.0 CreateProcess & CreateProcessEx Remode code execution exploit. http://www.milw0rm.com/exploits/4245. Accessed 10 Feb 2013

  18. Core Security Technologies—CoreLabs Advisory (2008) [http://www.coresecurity.com/corelabs/]. Sun xVM VirtualBox privilege escalation vulnerability. http://www.milw0rm.com/exploits/6218. Accessed 10 Feb 2013

  19. Oberheide J, Cooke E, Jahanian F (2008) Empirical exploitation of live virtual machine migration. http://www.eecs.umich.edu/techreports/cse/2007/CSE-TR-539-07.pdf. Accessed 10 Feb 2013

  20. Mann A (2007) The pros and cons of virtualization.BTQ. http://btquarterly.com/?mc=pros-consvirtualization&page=virt-view%research. Accessed 10 Feb 2013

  21. Vilkeliskis T (2009) Sun’s VirtualBox host reboot PoC. http://www.milw0rm.com/exploits/9323. Accessed 10 Feb 2013

  22. Huston B (2007) Security tip: 3 steps towards securing virtual machines. Security. http://security.itworld.com/4367/nlssecurity071009/page_1.html. Accessed 10 Feb 2013

  23. Kirch J (2007) Virtual machine security guidelines. The center for internet security. http://www.cisecurity.org/tools2/vm/CIS_VM_Benchmark_v1.0.pdf. Accessed 10 Feb 2013

  24. Alfredo. Persistent BIOS Infection. Phrack. [Online]. 13(66). http://phrack.org/issues.html?issue=66&id=7. Accessed 10 Feb 2013

  25. Ferrie P (2013) Attacks on virtual machine Emulators. SYMANTEC ADVANCED THREAT RESEARCH. http://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf. Accessed 10 Feb 2013

  26. Saba T, Rehman A (2012) Effects of artificially intelligent tools on pattern recognition. Int J Mach Learn Cybern. doi:10.1007/s13042-012-0082-z

    Google Scholar 

Download references

Acknowledgments

My thanks and appreciation to the Deanship for Scientific Research at King Saud University Riyadh Saudi Arabia for funding this research.

Author information

Authors and Affiliations

  1. Faculty of Computing, Universiti Teknologi Malaysia, Skudai, Malaysia

    Amjad Rehman

  2. College of Computer and Information Science, Al-Imam M.Saud Islamic University, Riyadh, Kingdom of Saudi Arabia

    Sultan Alqahtani

  3. College of Applied Studies and Community Services, King Saud University, Riyadh, Kingdom of Saudi Arabia

    Ayman Altameem

  4. College of Engineering and Computer Sciences, Salman Abdul Aziz University, Alkharj, Kingdom of Saudi Arabia

    Tanzila Saba

Authors
  1. Amjad Rehman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sultan Alqahtani
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ayman Altameem
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tanzila Saba
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tanzila Saba.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Rehman, A., Alqahtani, S., Altameem, A. et al. Virtual machine security challenges: case studies. Int. J. Mach. Learn. & Cyber. 5, 729–742 (2014). https://doi.org/10.1007/s13042-013-0166-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13042-013-0166-4

Keywords

Search

Navigation