with trusted software, is critical to system security. If such mechanisms do not exist, malicious software can impersonate trusted software. Some systems provide trusted paths for a few functions such as log-in authentication and password changing and allow servers to authenticate their clients. A trusted-path mechanism is required to prevent malicious software invoked by an authorized application from tampering with the attributes of the object and/or with the policy rules.
A highly secure operating system is necessary but not sufficient unto itself; application-specific security is also necessary. Sometimes security implemented above the operating system is better. This is the case for electronic commerce that requires a digital signature on each transaction. Applications with special privileges that perform security-related functions are called trusted applications. Such applications should only be allowed the lowest level of privileges required to perform their functions. For example, type enforcement is a mandatory security mechanism that can be used to restrict a trusted application to the lowest level of privileges.
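The following is an added example, not code from the original text: a toy type-enforcement model in the style of SELinux, showing how a password-changing program (a trusted application) is confined to a domain holding only the privileges its job needs, while an ordinary user domain cannot reach the protected object directly. All domain and type names (user_t, passwd_t, shadow_t, etc.) and the rules are constructed for illustration.

```python
# Toy type-enforcement (TE) policy engine, constructed for this example.
# Subjects (processes) run in a domain; objects (files) carry a type; every
# access is denied unless an explicit allow rule grants it (default deny).
class TEPolicy:
    def __init__(self):
        self.allow = set()       # (domain, object_type, permission)
        self.transitions = {}    # (domain, exec_type) -> new domain

    def allow_rule(self, domain, obj_type, perms):
        for perm in perms:
            self.allow.add((domain, obj_type, perm))

    def type_transition(self, domain, exec_type, new_domain):
        # Executing a file of exec_type from `domain` enters `new_domain`.
        self.transitions[(domain, exec_type)] = new_domain

    def check(self, domain, obj_type, perm):
        """Mandatory check: only an explicit allow rule grants access."""
        return (domain, obj_type, perm) in self.allow

    def execute(self, domain, exec_type):
        """Domain a process ends up in after executing a file of exec_type."""
        if not self.check(domain, exec_type, "execute"):
            raise PermissionError(f"{domain} may not execute {exec_type}")
        return self.transitions.get((domain, exec_type), domain)


def build_policy():
    p = TEPolicy()
    # Ordinary user domain: may read /etc-style files and run the passwd program.
    p.allow_rule("user_t", "etc_t", {"read"})
    p.allow_rule("user_t", "passwd_exec_t", {"execute"})
    p.type_transition("user_t", "passwd_exec_t", "passwd_t")
    # Trusted password-changing domain: the minimum needed for its function.
    p.allow_rule("passwd_t", "etc_t", {"read"})
    p.allow_rule("passwd_t", "shadow_t", {"read", "write"})
    return p


def scenario():
    """Returns (user writes shadow directly, domain after running passwd,
    passwd domain writes shadow, passwd domain writes system binaries)."""
    p = build_policy()
    direct = p.check("user_t", "shadow_t", "write")     # denied
    domain = p.execute("user_t", "passwd_exec_t")        # -> passwd_t
    via_passwd = p.check(domain, "shadow_t", "write")    # allowed
    overreach = p.check(domain, "bin_t", "write")        # denied: least privilege
    return direct, domain, via_passwd, overreach
```

The trusted domain can do its one job but nothing else, which is exactly the confinement the text asks of trusted applications.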
19.5.1.2 Virtual Machine (VM) Security
VM technology provides a stricter isolation of virtual machines from one another than the isolation of processes in a traditional operating system. Indeed, a VMM controls the execution of privileged operations and can thus enforce memory isolation as well as disk and network access. The VMMs are considerably less complex and better structured than traditional operating systems; thus, they are in a better position to respond to security attacks. A major challenge is that a VMM sees only raw data regarding the state of a guest operating system, whereas security services typically operate at a higher logical level, for example, at the level of a file rather than a disk block. Virtual security services are typically provided by the VMM or through a dedicated security services VM. A secure trusted computing base (TCB) is a necessary condition for security in a virtual machine environment; if the TCB is compromised, the security of the entire system is affected.
A guest OS runs on simulated hardware, and the VMM has access to the state of all virtual machines operating on the same hardware. The state of a guest virtual machine can be saved, restored, cloned, and encrypted by the VMM. Not only can replication ensure reliability, it can also support security, and cloning could be used to recognize a malicious application by testing it on a cloned system and observing whether it behaves normally.
One of the most significant aspects of virtualization is that the complete state of an operating system running under a virtual machine is captured by the VM. This state can be saved in a file and then the file can be copied and shared. Thus, creating a VM reduces ultimately to copying a file; therefore there will be a natural explosion in the number of VMs, and the only limitation for the number of VMs is the amount of storage space available. While traditional organizations install and maintain the same version