One of the most attractive features of virtualisation - the ability to replicate virtual servers on the fly to meet demand - carries major security risks - from data theft to denial of service - according to a talk scheduled for the Black Hat DC 2008 conference this week in Washington.
When a virtual machine migrates from one physical server to another, it can be subject to a range of attacks primarily because authentication between machines is weak and the virtual-machine traffic between physical machines is unencrypted, says Jon Oberheide, who will present the briefing.
Short term, the cure is installing hardware-based encryption on all the physical servers that might send or receive virtual machines, Oberheide says, but long term, virtual-machine software should incorporate strong authentication that minimises the risk.
During his talk, he will describe a proof-of-concept tool he used in a lab to execute man-in-the-middle attacks against virtual machines as they migrated from one physical server to another. His research targeted open source Xen and VMware virtualisation platforms.
Citrix, which sells a commercial version of Xen, gets around the problem with its management server acting as a third party to authenticate origination and destination servers to each other, says Simon Crosby, CTO of the virtualisation and management division at Citrix. "We avoid that man-in-the-middle attack by being the man in the middle," he says.
For its part, VMware recommends encryption of virtual machine migration, which it calls VMotion. "VMotion network activity is not encrypted, so as a best practice this traffic should occur on a dedicated VLAN or connection and kept secure from network sniffing, as the running memory state of a virtual machine traverses the VMotion network and will likely contain privileged information," the company says on its Web site.
"Hardware based SSL encryption is an option for securing VMotion networks in high security deployments."