Virtualization Technology News and Information
An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments

Tavis Ormandy from Google published this 10 page whitepaper that looks at the security exposure of a virtualization host machine at the expense of a hostile virtual environment.  It looks at such platforms as VMware Workstation and Server, Bochs, QEMU, Xen and others.


As virtual machines become increasingly commonplace as a method of separating hostile or hazardous code from commodity systems, the potential security exposure from implementation flaws has increased dramatically. This paper investigates the state of popular virtual machine implementations for x86 systems, employing a combination of source code auditing and blackbox random testing to assess the security exposure to the hosts of hostile virtualized environments.


Secure isolation is one of the fundamental concepts of virtualization, confining a program to a virtualized environment should guarantee that any action performed inside the virtual machine cannot interfere with the system that hosts it. Consequently, virtual machines have seen rapid adoption in situations where separation from a hostile or hazardous program is critical. We can consider a virtualized environment hostile when untrusted code is being executed or when untrusted data is being processed by services inside the virtual machine2. The use of virtual machines in malware analysis is well documented, as are numerous proposals for hosting hazardous applications such as honeypots or intrusion detection systems.

This paper seeks to test how safe the assumptions of isolation and containment are in practice through the analysis of several popular virtual machine implementations for the x86 architecture in use today. While this is not a new concept, Ferrie describes how DOS-based, reduced privilege virtual machines could be trivially escaped from, and Tim Shelton describes a flaw in the VMware Workstation NAT service that could result in compromising the host machine, little other research has been published in this area.

You can download the whitepaper, here.

Published Tuesday, April 15, 2008 6:15 AM by David Marshall
» An Empirical Study into the Security Exposure to Hosts of Hostile … - (Author's Link) - April 15, 2008 9:43 AM
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<April 2008>