Problem solve Get help with specific problems with your technologies, process and projects.

Can virtualized applications interact without permission?

If a guest OS in a virtualized system is compromised, it could theoretically go through the hypervisor layer and compromise the rest of the guest operating systems. But what about an environment with virtualized applications?

From my understanding, if a guest OS in a virtualized system is compromised, it could theoretically go through the hypervisor layer and get to the rest of the guest operating systems and compromise those as well. In an environment with virtualized applications, would the applications be able to interact with each other without explicit permission in any way?
Let's take a few seconds and look back at the virtual machine (VM) escape techniques we have seen in the past few years. First, attacks targeted the devices that Qemu, a processor emulator, created for the virtual OS, including video and network cards. Shortly after the Qemu escapes, a VMware virtual machine escape was demonstrated by researchers Ed Skoudis and Tom Liston at the SANS Institute's 2007 SANSFIRE conference. And recently, there were virtual machine escape attacks incorporated into Core Impact, a commercial penetration testing application developed by Core Security Technologies Inc. So, virtual machine escape is no longer theoretical; there are practical attacks currently available in the wild.

All of the above attacks focus on gaining access to the host machine. Once accomplished, an attacker has the ability to access all of the guest operating systems and applications being hosted.

So now let's look at application virtualization. Application virtualization focuses on virtualizing applications and the necessary operating system components for the app to function. While I think that the technology helpfully reduces the attack surface available to an attacker, many of the same attack and escape vectors will remain.

What we must be cautious of is falling into the same trap that many security professionals were caught in with virtual machines. Just because no exploits are currently available for virtualized applications, it does not mean one will not surface in the near future. Development of our architectures in such a fashion -- where our public and sensitive data is hosted on different host machines -- is necessary. The arrangement would prevent a compromise on a public system or the exposing of sensitive data from a virtualized application.

More information:

  • Learn how well virtualization technology defends against malware.
  • What is application virtualization? Get this IT definition and many others from Whatis.com.
  • This was last published in October 2008

    Dig Deeper on Virtualization security issues and threats

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.