Real Security in Virtual Systems: a Proposed Model for a Comprehensive Approach to Securing Virtualized Environments

Corporate adoption of new server virtualization technologies offered by VMWare, Microsoft, the open source community (Xen) and others raises both new opportunities and new risks for system security. Security issues of virtualization have received some attention in trade periodicals and journals, but a comprehensive and authoritative understanding of virtualized system security under current models of information security has yet to be developed. Such an understanding requires that some fundamental questions be asked: What is the place of virtualized system components in security models as they are currently understood? How should the implementation of virtualization be expected to affect security planning under such models? Our paper presents a first attempt to address these questions. We present an integrated model of system security highlighting the effects of virtualization. We then use this model to analyze security impacts of virtualization within the overall system security context, and present suggestions for further research to formalize security in systems incorporating