Virtualization is a hot topic by any measure, and the security world has not escaped healthy debates and new discoveries from researchers just beginning to plumb the issues. They're looking at not only the impact of virtualization on security, but also the impact security can have with virtualization. Here's a brief summary of some of the different issues that are keeping things interesting.

Several years ago Joanna Rutkowska released the "Red Pill" tool. The goal was to easily detect when a program was running under

Since then (really since before then - Red Pill wasn't even the first generic VM detection), the ability to detect virtualization and respond differently based on that has been creeping into malware in an attempt to make security companies' jobs

Ironically, this trend might actually go away. After all, as virtualized environments become more common, many legitimate endpoints will be running in virtualized environments indistinguishable from a malware analyst's environment, and distinguishing between virtualization and native hardware will be unnecessary for the bad guys.

Not done with the topic of virtualization, at BlackHat in 2006, Rutkowska demonstrated but didn't release her "Blue Pill" tool (get The Matrix references yet?), essentially a rootkit able to subvert a running operating system using hardware virtualization built using AMD's SVM (at the same conference, Dino Dai Zovi demoed a similar tool called Vitriol for Intel's VT-x). Finally, this year's BlackHat featured some back and forth between Rutkowska and other security researchers on whether hypervisor rootkits are really a real threat. The bottom line though is that the bad guys don't need to move to the hypervisor because they don't need to. While I'm sure some proof-of-concept tools will be released with hypervisor rootkit abilities (especially since Joanna released Blue Pill's source), I don't expect this to become a large threat anytime remotely soon.

While paranoid security folks have always been sure to require that virtual machines hosted on the same hardware are of the same security posture and classification (i.e., your public-facing webserver isn't hosted on the same hardware that also handles sensitive internal payroll applications), not everybody got that memo. Some folks are blindly mixing VMs without regard for the security implications. First, most security monitoring appliances are built to monitor traffic from span ports, taps, etc., but may not yet be adjusted to operate on virtual networks. Look for security vendors to start pushing technologies that do this. However, an even bigger threat exists in the form of breakout attacks. When vulnerabilities exist within the virtualization technologies themselves, it's theoretically possible to "escape" from a client VM and into the parent operating system. While using an environment like VMware's ESX that is specifically designed for virtualization might help mitigate these risks, it certainly doesn't eliminate them.