Cloud-Based Infrastructures and Virtual Machines

Introduction

Cloud infrastructures allow for rapid and simultaneous creation of virtual machines (VMs).
Managing VMs has unique security challenges compared to physical devices.

Frequent Changes: VMs are created and destroyed frequently, complicating security management.
Configuration Variability: VMs can differ in CPU count, memory, storage, and operational capabilities.
Similarities to Physical Devices: Despite differences, VMs run operating systems (OS) like Windows or Linux, requiring similar security measures.

Common vulnerabilities: local privilege escalation, command injection, information disclosure.
VM Isolation: VMs operate independently with their own resources and should not interfere with each other.

Definition: Occurs when an attacker moves from one VM to another on the same hypervisor.
Example Incident:
- At the Pwn2Own competition in March 2017, a VM escape was demonstrated using a bug in Microsoft's Edge browser and Windows 10 kernel.
- Exploited a VMware bug to move between VMs on the same hypervisor.
Resolution: VMware patched the vulnerability promptly.

Hypervisor Role: Manages allocation of physical resources (memory, storage, CPU) to VMs.
Resource Allocation Issue:
- Example: 4GB RAM allocated to a host, 3 VMs each assigned 2GB, exceeding physical capabilities.
- Hypervisors manage resource allocation dynamically, but bugs can cause resources to be improperly shared.
Security Risk: Improper management can lead to data leakage between VMs.
Solution: Update hypervisor code to prevent sharing errors and ensure resource isolation.

Understanding and mitigating security risks in virtual environments is crucial.
Continuous updates and monitoring are essential to safeguard cloud-based infrastructures.