Virtualisation vendors warn of security challenges

Two major figures in virtualisation security have warned of challenges facing IT managers in implementing secure virtual environments.

Speaking at the RSA Conference in San Francisco on Friday, Simon Crosby, chief technology officer for XenSource, said security policies could be broken by misconfiguration.

"Virtualisation can challenge an IT organisation's infrastructure, which suddenly becomes dynamic," said Crosby. "You can shift a workload from server A to server B, but if the security policy doesn't follow, [virtualisation] has broken it. That's a challenge."

Crosby warned that throwing random data at the interface between the guest software and the controlling hypervisor could result in successful attacks.

"Attacks known to-date involve fuzzing the emulation interface between the guest and the hypervisor, but they are largely hypothetical," said Crosby. "Up until now, security has not been a major issue. Threats to the hypervisor are currently minor — there haven't been many attacks to date, although they will come."

IT managers should put in place systems to verify that virtual appliances haven't been modified, including systems that check open-source virtual Just Enough Operating Systems (JEOS) and Microsoft's Hyper-V appliance. "If you have your own [virtual] JEOS update itself that's a disaster waiting to happen. And Hyper-V has the full attack surface of any operating system, which is not a good thing," said Crosby.

Crosby said that in general virtualisation reduced the number of points of entry into operating systems, but that vendors relying on kernel access to implement security would run into difficulties. "We reduce the scope of threats because we reduce the attack surface of the operating system," said Crosby. "The challenge is the way security technologies rely on being inside the operating system to protect against attack."

Stephen Herrod, chief technology officer for VMware, who was also speaking at the RSA Conference, claimed virtualisation would improve IT security due to fewer third-party drivers introducing vulnerabilities. "The notion that the surface area of attack increases — well, there's an opportunity to have less layers running in the machine if it doesn't have a plethora of drivers plugging in and out," said Herrod.

Infrastructure vulnerabilities introduced through misconfiguration should be a concern for IT professionals, according to Herrod. "Virtual environments can be disruptive [due to] new APIs and security tools to plug into. Security issues can be caused by misconfiguration."

Herrod added that server virtualisation should be less of a concern than PC virtualisation security. "With server virtualisation the benefits are profound. Security is all centralised and managed from one place: there's only one image to patch. The challenge is to deliver an end-to end-secure and gorgeous PC experience."