SECURITY AWARENESS IN VIRTUALIZED SERVER BASED COMPUTING: THREAT SOURCES AND ATTACK TYPES IN HYPERVISORS
Abstract
This paper presents the state of security awareness among key personnel managing virtualized server-based infrastructures. Major security issues assessed are those associated with hypervisor Threat Sources and Attack Types. An inductive approach was used to determine six Threat Sources and six Attack Types through documentary review of relevant literature. The Threat Sources include virtual machine communication, hypervisor intrusion, network sources and malpractices of server administrators. The Attack Types include hypervisor modification, denial of service, isolation breakage in hypervisor, multitenancy issues, virtualization sprawl and data compliance issues across multiple virtual machines. A statistical approach using the Mann-Whitney U statistical test was used to quantify 38 sets of data collected inform of a 5Likert scale questionnaire submitted by 24 public and private organizations based in Tanzania. In assessing reliability analysis, a Cronbach's Alpha with values of 0.986 and 0.960 were obtained for Threat Sources and Attack Types respectively signifying high reliability and excellent internal consistency of test items. Generally, for the Threat Sources tested, a moderate awareness level was found. On the other hand, awareness level of Attack Types was found to be not satisfactory. There is a notably low level of awareness of attacks due to isolation breakage in hypervisors, multi-tenancy issues, virtualization sprawls and data compliance issues. Isolation breakage was the most unknown attack types by far; hence the risk of spreading infected virtual machines across computing infrastructures is high. About 50% of the adopters cannot handle data compliance issues especially in heterogeneous environment. More specifically, the Mann-Whitney U was also used to determine association between awareness levels of threats and attacks in public and private adopters. Private adopters had higher mean ranks showing higher awareness of all security aspects compared to public adopters. A significant association was seen in the awareness of hypervisor modification and multi-tenancy issues by private adopters. Awareness levels of hypervisor Threat Sources and Attack Types is not acceptable enough to ensure maximum protection of systems and data in virtualized infrastructures. The study reveals existence of a serious knowledge gap among adopters which implies high operational risks. The need to capacitate skills development is vital for adopters to attain maximum security of their assets.ÂReferences
Arif, M. and Shakeel, H. (2015). Virtualization security: Analysis and open challenges. International Journal of Hybrid Information Technology (IJHIT). ISSN: 1738-9968. 8(2):237-246.
Cox, P. (2011). Top virtualization security risks and how to prevent them. pp. 3-6. TechTarget
Network,
[http://searchcloudsecurity.techtarget.com/tip/ Top-virtualization-security-risks-and-how-toprevent-them]site visited on 21/08/2017
DeVellis, R. F. (2003). Scale development: Theory and applications. Applied Social
Research Methods. 3rdEdition, ISBN: 13-9781412980449, Thousand Oaks, Calif: Sage Publications
Hyde, D. (2009). A Survey on the security of virtual machines. Security and Privacy, IEEE.
Kothari, C. R. (2004). Research methodology: methods and techniques, 2nd Edition, ISBN: 978-81-224-2488-1, pp: 33 – 50, New Age International Publishers, India
Kumar, R. (2011). Research methodology: A stepby-step guide for beginners. 3rd edition, ISBN: 978-1-84920-300-5, pp: 80 – 85, Sage
Publications, California
Mahjani, M.(2015). Security issues of virtualization in cloud computing environments. Master Thesis for award of Master of Science in Information Security degree at Lulea University of Technology, Sweden. 62pp.
Malla, M. (2017). The top 5 trends in cloud and virtualization testing for 2017. Spirent predictions.
[http://vmblog.com/archive/2017/01/09/spiren t-2017-predictions-the-top-5-trends-in-cloudand-virtualization-testing-for-
aspx#.Wo64WzNRWiM] site visited on
/06/2017
McCafferty, D. (2014). Useful virtualization stats, trends and practices. IT Strategy article, CIOInsight, [hhttps://www.cioinsight.com/itstrategy/cloudvirtualization/slideshows/usefulvirtualization-stats-trends-and-practices.html]. Accessed online 14/04/2017
Merrill, D. and Heffernan M. (2011). Hypervisor economic-A framework to identify, measure and reduce the cost of virtual machines.
Hitachi Data Systems,
[https://www.vmware.com/content/dam/digita lmarketing/vmware/en/pdf/partners/hitachi/v mware-hypervisor-economics.pdf] site visited on 15/06/2017
Nazir, S. and Lazarides, M. (2016). Securing industrial control systems on a virtual platform-How to best protect the vital virtual business assetsâ€, White Paper, FIRSTCo
Obasuyi, G. C and Sari, A. (2015), Security challenges of virtualization hypervisors in virtualized hardware environment. Int. J. Communications, Network and System Sciences, Vol. 8.,pp. 260-273,
http://dx.doi.org/10.4236/ijcns.2015.87026
Popek, G. J. and Goldberg, R. P. (1974). Formal requirements for virtualizable third generation architectures Communications of ACM,
(7), pp. 412-421.
Rachana, S. C. and Guruprasad, H. S. (2014),Securing the virtual machines. International Journal of Computer Technology & Applications (IJCTA), ISSN: 2229 – 6093, Vol. 5 (3), pp. 1012-1019
Ramana, V. V., Reddy, Y. S., Reddy, G. R. S., and Ravi, P. (2015). An assessment of virtual machineassails. International Journal of Advanced Technology in Engineering and Science, www.ijates.com, Vol. 03, Issue No.
, ISSN: 2348 – 7550, pp. 315–320
Silverman, D. (2010). Doing qualitative research– A practical handbook. 3rd edition, ISBN: 9781-84860-033-1, Sage Publications Ltd, Thousand Oaks, California, US
Tsai, P. (2016). Server virtualization and OS trends. Network Article,
[https://community.spiceworks.com/networki ng/articles/2462-server-virtualization-and-ostrends] site visited on 14/04/2017
Vagias, W. M. (2006). Likert-type scale response anchors. Clemson International Institute for
Tourism & Research Development, Department of Parks, Recreation and Tourism Management, Clemson University.
Wueest, C. (2014). Threats to Virtual Environments. Security Response, Symantec, pp. 18
Yauri, B. A. and Abah, J. (2016). Mitigating Security Threats in Virtualized Environments. International Journal of Computer Science and Network Security, Vol.16 No.1
