New computer network security threat identified

February 22, 2008

Large companies are vulnerable to hackers when they network their computers for cost-saving live virtual machine migration, University of Michigan researchers say.

Virtualization, which allows multiple operating systems, or "virtual machines" and their applications to share one physical server, has been possible for decades, but live virtual machine migration is relatively new.

It allows individual virtual machines to migrate among several servers throughout the day with little service downtime, equalizing the load on the servers as it fluctuates. The security of live virtual machine migration has not been studied extensively, but the set-up is common in large companies today.

Hackers could intercept data and compromise the integrity of a virtual machine's operating system during live migration, said Jon Oberheide, a doctoral candidate in the electrical engineering and computer science department. The most popular software doesn't encrypt the information as it travels from server to server.

How does Oberheide know this? He hacked into his own migrating virtual machines.

"I was setting up a live virtual machine migration network in my office and I started poking around, and I noticed that it was totally insecure," Oberheide said.

As a short-term fix, companies can isolate their migration network from other network traffic or install hardware encryption devices on all their physical servers, Oberheide said.

"The important thing is to raise awareness of the vulnerability," Oberheide said. "Solutions are feasible, but they're not implemented by the most popular vendors. What is really needed is authenticated and encrypted migration so the attacker cannot perform these attacks, so that even if he can see the migration, he can't modify it."

Oberheide details his findings in a talk at the Black Hat D.C. computer security conference this week. He will present the paper, "Empirical Exploitation of Live Virtual Machine Migration." Other authors are research fellow Evan Cooke and professor Farnam Jahanian, both of U-M's Department of Electrical Engineering and Computer Science.

Source: University of Michigan

Rate this story - 4 /5 (5 votes)

rank
1
2
3
4
5

view popular

Other News

New 'finFETs' promising for smaller transistors, more powerful chips

Technology / Semiconductors

6 hours ago | 4.9 / 5 (7) | 2

(PhysOrg.com) -- Purdue University researchers are making progress in developing a new type of transistor that uses a finlike structure instead of the conventional flat design, possibly enabling engineers ...

Hydrogen milestone moves energy independence one step forward

Technology / Energy

4 hours ago | 3.3 / 5 (4) | 1

(PhysOrg.com) -- Big things often come in small packages. That's certainly the case with the potential created by recent successes in hydrogen research at Idaho National Laboratory.

New search technique for images and videos has broad applications

Technology / Computer Sciences

4 hours ago | 5 / 5 (3) | 0

(PhysOrg.com) -- Engineers at the University of California, Santa Cruz, have developed a powerful new approach to a fundamental problem in computer vision: how to program a computer to recognize or categorize ...

Adobe Systems announced on Tuesday it was cutting some 680 jobs worldwide

Adobe cutting 680 jobs

Technology / Business

1hour ago | not rated yet | 0

Adobe Systems, known for its Photoshop editing program and Acrobat document software, announced on Tuesday it was cutting some 680 jobs worldwide, about nine percent of its workforce.