A SECURITY FRAMEWORK FOR VIRTUALIZATION BASED COMPUTING ENVIRONMENT

Transcription

1 A SECURITY FRAMEWORK FOR VIRTUALIZATION BASED COMPUTING ENVIRONMENT Patra.Nikitasha** 1, SAHOO.JYOTIPRAKASH * 2, MAHAPATRA.SUBASISH** 3, PATI.SARADA PRASANNA** 4 *Dept. of Information Technology,** Dept. of Computer Science and Engineering, Institute of Technical Education & Research, Siksha 'O' Anusandhan University, Bhubaneswar , India 1 nikitasha.patra@gmail.com 2 sahoo.jyotiprakash@gmail.com 3 subasish2003@yahoo.com 4 saradapati78@gmail.com Abstract: Virtualization in simple words refers to the way of running more than one operating system in a single machine at the same instance of time which is not possible in the a multi-booting operating system. With an advantage so many disadvantages are there, in this paper we describe about the security issues of virtualization and how it deals with in relation to the network security issues. We have proposed a model for a security framework to deal with the security issues of virtualization. Keywords:. Virtualization; Security issues; framework. 1. Introduction Virtualization can be defined as a methodology of dividing a physical computer into multiple execution environments by introducing a software abstraction layer between the hardware and operating system and the related applications. So many technologies like hardware partitioning, time sharing and partial and complete simulation are applied for virtualization [1]. The abstraction layer is called as Virtual Machine Manager i.e. VMM or Hypervisor. Each partly or fully isolated units are called as Virtual Machines i.e. VMs [2]. Each of the VMs feels like that they are running on their own physical computer but actually they share memory, hard disks of main computer [3]. 2. Virtualization During late 1960 s when multiprogramming and time-sharing system come into thought then virtualization was developed. The two roots of virtualization are Atlas Computer and IBM s M44/44X. The Atlas computer project was run by the Department of Electrical Engineering at Manchester University and funded by Ferranti Limited. IBM created the M44/44X at the IBM Thomas J. Watson Research Centre in Yorktown, New York [4]. Virtualization is best known to have been started with the development of the System/360 mainframe, by IBM Corporation [2]. VM technology stayed as an internal project inside IBM until 1972, when it became a commercial product. 2.1 Benefits: The two main benefits of virtualization are A. Resource Sharing In non-virtualized environment all the resources are totally used by the parent machine but in case of virtualized environment all the physical resources are shared among the guest machines which indirectly help the resources to be utilized perfectly. B. Isolation The ability of a virtual machine to isolate data from the other guests is the key factor in determining the environment. Programs running in one machine cannot see programs running in another VM [2]. 2.2 Classification VMMs can be classified into two types : ISSN : Vol. 3 No. 8 August

2 Type 1: This type is also called as native or bare-metal because the hypervisor software runs on top of the host s hardware. This allows a very true isolation between Oss. Hypervisors like VMware ESX Server and Xen are the best examples of Type-1 VMM. Figure 1 Type 2: This type is also called hosted VMM because the hypervisor software runs within a normal host operating system already installed. Hypervisors like VMware Workstation, Sun Virtual Box and Parallels Workstations are the best examples of type-2 VMM[4]. Figure 2 The different virtualization approaches can be classified into: A. Full Virtualization Here all the VMs run on unmodified in isolation and the OS running inside the virtual machine is called as guest operating system. This kind of approach was started at 1967 with IBM CP-40 and CP-67[4]. To implement full virtualization all the hardware and software associated with the machine should support virtualization. It was a great support when Intel and AMD added the hardware virtualization extension(intel VT and AMD-V respectively) in the year 1972[5]. B. Para Virtualization In Para- virtualization guest OS need to modify itself to do all necessary translation which indirectly lead to higher performance. But with the drawback of modifying operating system kernel[4]. The virtual devices of a in para-virtuallized environment rely on the physical devices of host operating system[2]. Here the architecture dependent part of the operating system kernel need to be changed [6]. C. Emulation Emulation is the technique where VM simulates the entire hardware needed to run the unmodified guest OS normally for a complete different architecture. It allows to develop programs and operating systems for new hardware design[4]. 3. Security Issues In Network Interlinked computers give rise to a network. The Internet is called as network of networks [9]. When we connect to Internet through ISP then underlying protocols and services would send packets with our query to the ISSN : Vol. 3 No. 8 August

3 ISP s network and then both of them are connected to each other. Now-a-days where Internet is the soul need of each and every man, but each time there is a question arising in mind Is it SECURE?. There is always a use of network in case of online transaction, business processes, wireless stock transaction etc. In media there is always a news like $10M transferred out of one banking system, loss of intellectual property, alteration of medical diagnostic test results, extortion and hacking [10]. These are the results of unsecure network. Security in the network means the network should satisfy the security goals (Integrity, Confidentiality, Availability).Security issues in a network can be of many types like: A. Denial of service It is the most difficult type of issue to handle with. Because in this kind of attack it is easy to start but, very difficult to trace out. Attacker just login as different user and start sending packets of no use and when the actual needed packet is send then the route seems to be busy. B. Unauthorized Access It can refer to much kind of attacks like using the commands illicitly (getting the administrator privilege and change the configuration of the host), confidentiality breaches (certain information are captured by unwanted unauthorized users) or else destructive behaviors like data diddling and data destruction [10]. 4. Security Issues In Virtualization Although Virtualization is a new age technology and it has been widely used now-a-days. It has been going in all the fields like in telecom, finance, IT etc. The main advantage of using virtualization is cost savings, server consolidation, disaster recovery and improved business continuity, among others [4]. According to Gartner "through 2009, 60 percent of production VMs will be less secure than their physical counterparts" and that "30 percent of deployments [will be associated] with a VM-related security incident [7]. Hence although we are in a better condition in concern to the working environment but as far as security is concern there are some areas where we virtualization lack like, 4.1 Communication between VMs or Between VMs and Host Isolation between the VMs is the main advantage of virtualization, but it should always be perfectly deployed or else one VM can have access to other VMs. So that the file system and the networking devices become vulnerable[2][3] VM Escape Although virtualization truly believes in isolation,but in real world it is actually not possible due to architectural limitations. Programs running in a VM may gate full access to host system, this is called as VM Escape. 4.3 VM monitoring from other the host Usually the host machine is considered to be the control point of all the VMs. Following are the possible ways for the host to influence the VMs [2]: The host can start shutdown, pause and restart the VMs. The host can able to monitor and modify the resources available for the virtual machines. The host if given enough rights can monitor the applications running inside the VMs. The host can view, copy, and likely to modify the data stored in the virtual disks assigned to the VMs Hence while configuring the VMs one should be careful enough. 4.4 Denial of Service In virtual machine architecture, resources as CPU, memory, disk and network are shared between the host and the guests. It is then possible for a guest machine to impose a denial of service (intentional or not) to others guest which would also affect the host by taking all the possible resources of the system. When other guests try to request a resource, the system will deny that access since there is no resource available[4]. 4.5 External modification of a VM or the Hypervisor: For some sensitive application the trust of a secure VM should be maintained. And for some of the application the trust with the hypervisor should be maintained. For these reasons a digitally signed VM should be used[2]. ISSN : Vol. 3 No. 8 August

4 5. Need of Security Framework According to a survey by CISCO [10] the rate of attacker knowledge is decreasing day by day with an increase of attacker sophistication. Hence its becoming so difficult to get the idea about the attackers. It is possible by deploying firewall through the router. Router acts as a junction between two or more networks to transfer data packets among them. A router is different from a switch. A switch connects devices to form a local area network(lan). Switch has no idea about the IP address(es) on LAN. We thought about deploying a firewall in the host machine to create a security framework. Firewall is a devices or programs that controls flow of network traffic between networks or hosts [13]. Many cases firewall are taken as with relation to Internet but it can be used in internal network for sensitive functions. We can consider many types of firewall like: A. Personal Firewall It is a software installed in an end user s PC which controls the communication based on the security policies. It just run as an application software in the user PC. B. Network layer Firewall Network layer firewall act as a packet filter by deciding what packets will pass the firewall according to rules defined by the administrator [13]. The rules are based on port numbers of source and destination. It can again be divided into two categories like state full and non-state full. State full firewalls contain some idea about the state of the network (e.g. connected, initiation etc) hence provide higher level of security whereas stateless or non-state full firewall has no idea about the states of the network. Security in case of stateless is less. C. Application layer firewall This kind of firewall works at the application layer of protocol stacks [6]. It keeps an eye on inappropriate content just like websites, viruses, attempts to exploit logical flaws in client software etc. 6. Proposed Model Figure 5: Security framework model According to our model a firewall will be deployed inside the host machine which will help to filter the incoming and outgoing packets to find out the malicious packets. By this kind of framework we can eradicate the two mostly happening security issues of virtualization i.e. Communication between VMs or Between VMs and Host and VM monitoring the host. Firewall can be a proxy firewall ( proxy server works by making requests on behalf of client) or a packet filtering firewall( packet filters work by examining the IP packets)[11][13]. Netfilter.org is the home of the software of the packet filtering framework inside Linux 2.4x and 2.6x kernel series. IPtables is a generic table structure for the definition of rule set. Each rule consists of a number of classifiers ( iptables matches) and one connected action (iptables target). Iptables is a command line tool just like ipchains, but iptables are more advanced than the ipchains by advanced logging, pre and post routing actions etc. There are three built-in tables which contain some predefined chains. Those are 1.Filter table: This table is responsible for filtering the packets. The built-in chains for table are : a. INPUT-Applies to network packets that are targeted for the host. b.output-applies to locally generated network packets. c. FORWARD- Applies to network packets routed through the host. ISSN : Vol. 3 No. 8 August

5 2. Nat table: this table is responsible for setting the rules for rewriting packet addresses or ports. Chains are like PREROUTING,POSTROUTING, OUTPUT. 3. Mangle table: this table is responsible for advance effects like quality of services. Chains are like PREROUTING, POSTROUTING, OUTPUT, INPUT, FORWARD.[14][15] Here we are mostly concern about the application layer firewall implementation. So before going to the change of iptable command we should know about the working principle of ipatables. When any incoming packet enters into the host machine then it is first processed through the filter deployed then decision is taken whether to drop or reject or accept the data packet. Iptables target is of three types [14]: ACCEPT- Iptables stops processing further and the packet is handed over to operating system for processing. DROP- The incoming packets are blocked REJECT- It works like DROP but it gives an error message to host sending the packet. Figure 6: Working of proposed model with Firewall Before making any changes to the iptable commands we need to delete all the previously created rules by the command: #Iptables --flush Then we can ping the host from the guest or guest from the host by using ping command #ping (ip address of respective host or guest) e.g. ping If we want then to block a guest to communicate from a host we can use the command like #iptables A INPUT p icmp j REJECT Here this new rule will be appended in the rule set and hence next time we want to use the ping command, it won t be working. As we know that ftp works on port no.21 and likewise ssh in port no.22 and tcp on port no.80[13]. Filtering inbound traffic is known as ingress filtering. Outgoing traffic can also be filtered, a process referred to as egress filtering. Here, we can implement restrictions on their internal traffic, such as blocking the use of external file transfer protocol (FTP) servers or preventing denial of service (DoS) attacks from being launched from within the host against outside entities [13]. Hence for blocking of the ftp server we can use the command #iptables A INPUT (ip address of host or guest) -p tcp dport 21 -j REJECT Here A means to append and j means to jump to the target which is REJECT in this case. Lastly we have created a webpage in the guest machine along with in the host machine and tried to access both respectively. If we want then we can block and allow specific websites in guest to make it secure by #iptables A INPUT(ip address of guest or host) p tcp dport 80 j REJECT Here we have just given few examples how we can reject the packets from entering in the guest or the host. Similarly we can just change the target to ACCEPT or DROP to get it allowed. Finally for saving the new rules set we use the command #iptables -- save #iptables restore To see the particular table #iptables t filter -- L ISSN : Vol. 3 No. 8 August

6 7. Performance Evaluation The hardware performance is measured during virtualized framework working with different kind of operations like ping, ftp service and http service. Figure 7 Figure -7 shows us the cpu, memory and network workloads during the ping operation. As we can see here cpu 1 is working highest i.e 13.9% with only the memory use of MiB. When the ftp service transfer working in fig-2 there is highest use of cpu 3i.e. 14.5% with an increase in memory usages of 1.2GiB and the graph also shows the sending of packets upto 717MiB. Figure 8 When we use the security framework to block the http and ftp service then there we can see few changes in the graph just shown in Figure-8. Figure 9 In Figure -9, there is an increase in cpu 4 utilization whereas decrease in cpu 1 and 2 utilization and there is no variation of memory usage in memory graph. Even we can see that there is no high rate of data transfer graphs. ISSN : Vol. 3 No. 8 August

7 8. FUTURE WORK A lot of research programs are being done in Virtualization security but still there are many security issues remaining to deal with. In this section we will discuss some areas for the future work on the security issues in virtualization [8]. In Virtualization security we cannot check out the users in individual VMs. For that we need to go for the application layer. By giving an id to individual user and by deploying ID management in VM we can secure individual users from security break-through. Device drivers are very vulnerable to attacks; it is desirable to isolate them. So we need to use different hardware and memory for VMM and device drivers and secure communication between the guest VM and device driver domain. There is a huge increase in use of portable devices,but running virtual machine on portable devices is difficult due to limited resources and computation ability of portable devices. Again some of the VMM like Xen rely on hardware support for multiple privilege rings. So for this we need additional instruction emulation and translation. We can go for pre-routing and post-routing options and quality of service checks by the use of NAT and MANGLE tables. 9. Conclusion In summery we can say that by deploying a firewall in application layer of host machine we can give a better security to guest as well as host machine. A better work can be done if we will take the NAT and MANGLE tables into consideration. This paper presented with some of the commands of iptables tool kit, but we can go for all experiments with the in-built ip chains. References [1] The Government of the Hong Kong Special Administrative Region, Security In Operating System Virtualization February, 2008 [2] Mohapatra S., Sahoo J.and Lath R. Virtualization: A Survey On Concepts, Taxonomy And Associated Security Issues Second International Conference on Computer and Network Technology, [3] Kirch. Virtual machine security guidelines. The centre for Internet Security,September 2007 [4] CIS VM Bench mark, [5] João Carlos Carvalho dos Santos Ramos( in Portugal) Security Challenges With Virtualization December, 2009 [6] John Scott Robin and Cynthia E. Irvine Analysis of the intel pentium s ability to support a secure virtual machine monitor. In SSYM 00: Proceedings of the 9th conference on USENIX Security Symposium, pages 10 10, Berkeley, CA, USA, USENIX Association. [7] Adam Lackorzynski Björn Döbel Alexander Böttcher Hermann Härtig, Michael Roitzsch. L4 virtualization and beyond. Korean Information Science Society Review, [8] Neil MacDonald. Security considerations and best practices for securing virtual machines.gartner, Inc., March [9] Zhao Xin., Borders K., Prakash A. Advances In Computer Science And Engineering: Virtual Machine Security Systems Department of EECS, University of MichiganAnn Arbor, MI, , USA [10] Curtin M. Introduction to Network Security, March,1997 [11] Ciscosystem, Inc, [12] Microsoft Security Bulletin, technet/ security/ bulletin/ MS mspx [13] National Vulnerability Database, nvd.cfm? cvename = CVE [14] Scarfone K. and Hoffman P. Guidelines on Firewalls and Firewall Policy Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD ,September 2009 [15] Netfilter: firewalling, NAT, and packet managing for linux, [16] Kak Avi. Lecture Notes on Computer and Network Security,Purude University,March 30, 2011 ISSN : Vol. 3 No. 8 August