of system software, in a virtual environment the number of different operating
systems, their versions, and the patch status of each version will be very
diverse, taxing the support team. A side effect of the ability to record in a file
the complete state of a VM is the possibility to roll back a VM. This opens
wide the door for a new type of vulnerability caused by events recorded in
the memory of an attacker.
In case of an infection, in nonvirtual environments, once it is detected,
the infected systems are quarantined and then cleaned up. The systems will
then behave normally until the next episode of infection occurs. However, in
case of virtual environments, the infected VMs may be dormant at the time
when the measures to clean up the systems are taken and then, at a later
time, they could wake up and infect other systems. This scenario can repeat
itself indefinitely.
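The dormant-VM gap described above can be checked against VM lifecycle records. The following Python sketch is an added example, not part of the original text; the log layout, VM names, event names and cleanup time are constructed assumptions.

```python
from datetime import datetime

# Constructed sample lifecycle log: (timestamp, vm, event). The record layout,
# VM names and event names are assumptions, not a real hypervisor log format.
EVENTS = [
    ("2024-02-20T09:00", "legacy-02", "power_on"),
    ("2024-02-25T17:00", "legacy-02", "power_off"),  # off and never restarted
    ("2024-03-01T08:00", "web-01", "power_on"),
    ("2024-03-01T08:05", "db-01", "power_on"),
    ("2024-03-01T09:00", "build-07", "power_on"),
    ("2024-03-02T18:00", "build-07", "suspend"),     # dormant before cleanup
    ("2024-03-03T10:00", "db-01", "power_off"),
    ("2024-03-03T16:00", "db-01", "power_on"),       # running again at cleanup
    ("2024-03-09T07:30", "build-07", "resume"),      # wakes after cleanup
    ("2024-03-10T12:00", "test-old", "power_on"),    # first seen after cleanup
]
CLEANUP_AT = "2024-03-04T12:00"  # constructed time of the cleanup pass
RUNNING = {"power_on", "resume"}


def missed_cleanup(events, cleanup_at):
    """Map each VM that was not running at cleanup time to the timestamp of
    its first wake-up afterwards (None if it is still dormant)."""
    cleanup = datetime.fromisoformat(cleanup_at)
    running_at_cleanup = {}
    first_wake = {}
    for ts, vm, event in sorted(events):
        if datetime.fromisoformat(ts) <= cleanup:
            running_at_cleanup[vm] = event in RUNNING
            continue
        # A VM with no history before the cleanup counts as dormant.
        running_at_cleanup.setdefault(vm, False)
        if event in RUNNING and not running_at_cleanup[vm]:
            first_wake.setdefault(vm, ts)
    return {vm: first_wake.get(vm)
            for vm, up in running_at_cleanup.items() if not up}


if __name__ == "__main__":
    for vm, woke in missed_cleanup(EVENTS, CLEANUP_AT).items():
        print(vm, "woke at " + woke if woke else "still dormant",
              "-> scan before granting network access")
```

VMs that were running when the cleanup ran (web-01, db-01) are not reported; the rest are the ones the cleanup never reached.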
Another undesirable effect of the virtual environment affects the trust.
Trust is conditioned by the ability to guarantee the identity of entities involved. Each
computer system in a network has a unique physical, or MAC, address; the
uniqueness of this address guarantees that an infected or malicious system
can be identified and then cleaned, shut down, or denied network access.
This process breaks down for virtual systems when VMs are created dynamically.
Often, to avoid name collision, a random MAC address is assigned to
a new VM.
There is a price to be paid for the better security provided by virtualization.
This price includes: higher hardware costs, because a virtual system requires
more resources, such as CPU cycles, memory, disk, and network bandwidth;
the cost of developing VMMs and modifying the host operating systems in
case of paravirtualization; and the overhead of virtualization because the
VMM is involved in privileged operations.
19.5.1.3 Security Threats from Shared VM Images
One of the major security risks, especially associated with the IaaS cloud delivery
model, is the sharing of VM images like Amazon Machine Images (AMIs).
19.6 Cloudware Security, Governance, Risk, and Compliance
Cloud computing is a combination of virtualization, process automation,
and dynamic response to changing application conditions. None of these, on
its own, is anything more than a logical extension of existing IT; the combination,
however, changes the way IT operates.
Some of the changes are as follows:
• Dynamism: The rapid provisioning of computing resources, as well
as rapid change in application topologies as computing resources