
Hypervisors Bring New Capabilities and New Risks

  • Posted on: September 22, 2009
  • Posted in: Virtualization
  • Posted by: Trend Micro

Hypervisors bring new capabilities to us, but they also bring new computing risks. Understanding this new environment is important. As virtualization becomes mainstream, we need to find ways to identify risks and protect these new infrastructures. Hypervisors, while central to all virtualization methods, are a core risk area.

Hypervisors are a “meta” operating system in a virtualized environment. They have access to all physical devices in a server, including all disk and memory. Hypervisors both schedule access to these devices, and help to protect clients from each other. A server first starts to execute the hypervisor, which then loads each of the virtual machine client operating systems, allocating the appropriate amount of memory, CPU usage, network bandwidth and disk space for each of the VMs.

The hypervisor can control all aspects of all VMs running on the hardware, so it is a natural security target. Securing the hypervisor is vital and more complex than it appears.

VMs make requests to the hypervisor through several different methods, usually involving a specific API call. These APIs are prime targets for malicious code, so all hypervisors put substantial effort into ensuring that the APIs are secure and that only authentic (authenticated and authorized) requests are made from the VMs. This is a critical path function. It should be noted, however, that speed is a significant requirement in all hypervisors, to ensure that overall performance is not impacted.

There are already calls for new APIs to be made in order to make it easier for virtual machines to communicate with each other. On the surface, this makes sense – why write a file to disk, so another virtual machine can read it? Why not just do a memory-to-memory copy operation?

These APIs, such as the VMware VMCI facility, introduce a new kind of risk for operating systems running as virtual machines. As new capabilities are added over the next few years and we figure out how best to use these new technologies, security vendors need to track these changes and stay aware of the new ways in which malware can be introduced to the virtual machines.

Another point is the network path. Often, the network interface for the hypervisor is the exact hardware that the virtual machines use. If the network is not planned carefully, this can mean that the virtual machines can reach the hypervisor IP address, which could lead to a compromise if the hypervisor logins are not protected with strong passwords. It can also lead to DDoS attacks, which can make it difficult or impossible to reach the hypervisor from off-network, in order to shut down the rogue VM.
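The network-path risk described above can be checked from an inventory of a host's network segments. The following is an added example, not code from Trend Micro or any hypervisor vendor: the `Net` fields, segment names and addresses are hypothetical, constructed for illustration, and the check assumes that separate VLANs are only joined through a filtering router or firewall.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Net:
    name: str    # label for the segment (hypothetical naming)
    role: str    # "management" (hypervisor IP) or "guest" (VM traffic)
    uplink: str  # physical NIC carrying the traffic
    vlan: int    # 802.1Q tag, 0 = untagged
    cidr: str    # IP subnet in use on that segment

def mgmt_exposures(nets):
    """Return (guest, mgmt, reason) for each guest segment that shares a
    layer-2 segment or an address range with a management segment."""
    findings = []
    for m in (n for n in nets if n.role == "management"):
        m_net = ipaddress.ip_network(m.cidr)
        for g in (n for n in nets if n.role == "guest"):
            if g.uplink == m.uplink and g.vlan == m.vlan:
                # VMs sit on the same wire and tag as the hypervisor IP.
                findings.append((g.name, m.name, "same uplink and VLAN"))
            elif ipaddress.ip_network(g.cidr).overlaps(m_net):
                # Different segment, but addressing collides with management.
                findings.append((g.name, m.name, "overlapping subnet"))
    return findings

# Constructed inventory: management and VMs share one untagged NIC.
FLAT = [
    Net("mgmt", "management", "nic0", 0, "10.0.0.0/24"),
    Net("vm-prod", "guest", "nic0", 0, "10.0.0.0/24"),
    Net("vm-dmz", "guest", "nic1", 30, "10.0.0.128/25"),
]

# Constructed inventory: same hardware, management on its own VLAN/subnet.
SEGMENTED = [
    Net("mgmt", "management", "nic0", 10, "10.0.10.0/24"),
    Net("vm-prod", "guest", "nic0", 20, "10.0.20.0/24"),
    Net("vm-dmz", "guest", "nic1", 30, "10.0.30.0/24"),
]

if __name__ == "__main__":
    for label, inventory in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(label, mgmt_exposures(inventory))
```

Sharing the physical NIC is not flagged by itself, since the article notes this is often the case; the findings are the segments where nothing separates guest traffic from the hypervisor's address.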
