Question

In: Computer Science

What's still non-isolated wrt information security when two guest OSs are running on a hypervisor?

What's still non-isolated wrt information security when two guest OSs are running on a hypervisor?

Solutions

Expert Solution

motivation for isolating guest OSs from each other and the underlying hypervisor and host OS is the mitigation of side-channel attacks. These attacks exploit the physical properties of hardware to revealinformation about usage patterns for memory access, CPU use, and other resources. A common goal of these attacks is to reveal cryptographic keys.

These attacks are considered difficult, usually requiring direct physical access to the host.

Attackers may attempt to break out of a guest OS so that they can access the hypervisor, other guest OSs, or the underlying host OS. Breaking out of a guest OS is also known as escape. If an attacker can successfully escape a guest OS and gain access to the hypervisor, the attacker might be able to compromise the hypervisor and gain control over all of its guest OSs. So the hypervisor provides a single point of security failure for all the guest OSs; a single breach of the hypervisor places all the guest OSs at high risk.

Guest OSs are often not completely isolated from each other and from the host OS because that would prevent necessary functionality. For example, many hosted virtualization solutions provide mechanisms called guest tools through which a guest OS can access files, directories, the copy/paste buffer, and other resources on the host OS or another guest OS. These communication mechanisms can inadvertently serve as an attack vector, such as transmitting malware or permitting an attacker to gain access to particular resources. Bare metal virtualization software does not offer such sharing capabilities

The hypervisor is fully aware of the current state of each guest OS it controls. As such, the hypervisor may have the ability to monitor each guest OS as it is running, which is known as introspection.

For many virtualization products, the hypervisor can incorporate additional security controls or interface with external security controls and provide information to them that was gathered through introspection. Examples include firewalling, intrusion detection, and access control.


Related Solutions

Even though there are new technologies to combat information security incidents, they still occur regularly. Find...
Even though there are new technologies to combat information security incidents, they still occur regularly. Find an article/video about an information security incident. Post a link to the article/video AND discuss it in the forum.
When two waves are overlapped on each other in the same medium, are they still two...
When two waves are overlapped on each other in the same medium, are they still two waves, or is the result a single wave? explain
When an individual is standing still on two feet, they are said to be stable. 1)...
When an individual is standing still on two feet, they are said to be stable. 1) Discuss the how the movement of the center of gravity over the person’s feet in response to an external torque relates to stability. 2) Mechanically speaking, what will happen if the center of gravity moves outside of this base of support? 3) Using the Newton’s third law, what are some things you can do in this scenario to prevent yourself from falling? Give specific...
How do we calculate the relative velocities of two bicycles when one is still? When they...
How do we calculate the relative velocities of two bicycles when one is still? When they are traveling in the same direction? When they are traveling in opposite directions? You might find it easier to answer if you randomly assign some numbers to each.
For the assignment you have to do two thing Passing arguments when running the jar or...
For the assignment you have to do two thing Passing arguments when running the jar or class file To run the client, command to run from CMD will be: java –jar Client.jar <server-IP> <server-Port> OR java Client <server-IP> <server-Port> To run the server, command to run from CMD will be: java –jar Server.jar <server-Port> <dns-table-file-name> OR java Server <server-Port> <dns-table-file-name> In the server, Read the file and search for specific IP or URL based on the command received from client...
What's your typical information search consist of when you're looking to buy something? Does your search...
What's your typical information search consist of when you're looking to buy something? Does your search vary based on the price of what you're buying? What is meant by internal and external searches? Pleas answer in an overall total of 150 words or more.
Write two pages about the firewall, two pages about cybersecurity, and two pages about information security...
Write two pages about the firewall, two pages about cybersecurity, and two pages about information security systems.
What kind of difficulties there might be when creating an information security policy? What is required of them?
What kind of difficulties there might be when creating an information security policy? What is required of them?
Consider the following information on two securities Expected rate of return on Security Ri = 0.10...
Consider the following information on two securities Expected rate of return on Security Ri = 0.10 Expected rate of return on Security Rj = 0.20 Variance of ROR of security Ri = 0.16 Variance of ROR of security Rj = 0.25 Covariance between Ri and Rj = -0.04 (minus 0.04) Obtain the the investment fractions to obtain the Global Minimum Variance Portfolio Expected rate of return on Global Minimum Variance Portfolio Variance of Global Minimum Variance Portfolio Is your portfolio...
Determine why information security is so important in healthcare by analyzing at least two different types...
Determine why information security is so important in healthcare by analyzing at least two different types of safeguards for data and elaborate on what standards are looked at for each. Also, identify the types of facilities these safeguards can be used in and what are the expectations. Please try not to duplicate your classmates’ answers. There may be several different standards for each safeguard but you are required to mention at least two.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT