Can virtualized applications interact without permission?

Can virtualized applications interact without permission?

From my understanding, if a guest OS in a virtualized system is compromised, it could theoretically go through the hypervisor layer and get to the rest of the guest operating systems and compromise those as well. In an environment with virtualized applications, would the applications be able to interact with each other without explicit permission in any way?

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Let's take a few seconds and look back at the virtual machine (VM) escape techniques we have seen in the past few years. First, attacks targeted the devices that Qemu, a processor emulator, created for the virtual OS, including video and network cards. Shortly after the Qemu escapes, a VMware virtual machine escape was demonstrated by researchers Ed Skoudis and Tom Liston at the SANS Institute's 2007 SANSFIRE conference. And recently, there were virtual machine escape attacks incorporated into Core Impact, a commercial penetration testing application developed by Core Security Technologies Inc. So, virtual machine escape is no longer theoretical; there are practical attacks currently available in the wild.

All of the above attacks focus on gaining access to the host machine. Once accomplished, an attacker has the ability to access all of the guest operating systems and applications being hosted.

So now let's look at application virtualization. Application virtualization focuses on virtualizing applications and the necessary operating system components for the app to function. While I think that the technology helpfully reduces the attack surface available to an attacker, many of the same attack and escape vectors will remain.

What we must be cautious of is falling into the same trap that many security professionals were caught in with virtual machines. Just because no exploits are currently available for virtualized applications, it does not mean one will not surface in the near future. Development of our architectures in such a fashion -- where our public and sensitive data is hosted on different host machines -- is necessary. The arrangement would prevent a compromise on a public system or the exposing of sensitive data from a virtualized application.

More information:

  • Learn how well virtualization technology defends against malware.
  • What is application virtualization? Get this IT definition and many others from Whatis.com.

    • This was first published in October 2008