<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE article  PUBLIC "-//NLM//DTD Journal Publishing DTD v3.0 20080202//EN" "http://dtd.nlm.nih.gov/publishing/3.0/journalpublishing3.dtd"><article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" dtd-version="3.0" xml:lang="en" article-type="research article"><front><journal-meta><journal-id journal-id-type="publisher-id">IJCNS</journal-id><journal-title-group><journal-title>International Journal of Communications, Network and System Sciences</journal-title></journal-title-group><issn pub-type="epub">1913-3715</issn><publisher><publisher-name>Scientific Research Publishing</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.4236/ijcns.2015.87026</article-id><article-id pub-id-type="publisher-id">IJCNS-58076</article-id><article-categories><subj-group subj-group-type="heading"><subject>Articles</subject></subj-group><subj-group subj-group-type="Discipline-v2"><subject>Computer Science&amp;Communications</subject></subj-group></article-categories><title-group><article-title>
 
 
  Security Challenges of Virtualization Hypervisors in Virtualized Hardware Environment
 
</article-title></title-group><contrib-group><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>abriel</surname><given-names>Cephas Obasuyi</given-names></name><xref ref-type="aff" rid="aff1"><sup>1</sup></xref><xref ref-type="corresp" rid="cor1"><sup>*</sup></xref></contrib><contrib contrib-type="author" xlink:type="simple"><name name-style="western"><surname>Arif</surname><given-names>Sari</given-names></name><xref ref-type="aff" rid="aff1"><sup>1</sup></xref><xref ref-type="corresp" rid="cor1"><sup>*</sup></xref></contrib></contrib-group><aff id="aff1"><addr-line>The Management Centre of the Mediterranean, Nicosia, Cyprus</addr-line></aff><author-notes><corresp id="cor1">* E-mail:<email>gabrielcobasui@gmail.com(ACO)</email>;<email>arifsari@acm.org(AS)</email>;</corresp></author-notes><pub-date pub-type="epub"><day>17</day><month>07</month><year>2015</year></pub-date><volume>08</volume><issue>07</issue><fpage>260</fpage><lpage>273</lpage><history><date date-type="received"><day>16</day>	<month>January</month>	<year>2015</year></date><date date-type="rev-recd"><day>accepted</day>	<month>14</month>	<year>July</year>	</date><date date-type="accepted"><day>17</day>	<month>July</month>	<year>2015</year></date></history><permissions><copyright-statement>&#169; Copyright  2014 by authors and Scientific Research Publishing Inc. </copyright-statement><copyright-year>2014</copyright-year><license><license-p>This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0/</license-p></license></permissions><abstract><p>
 
 
  The concept of virtualization machines is not new, but it is increasing vastly and gaining popularity in the IT world. Hypervisors are also popular for security as a means of isolation. The virtualization of information technology infrastructure creates the enablement of IT resources to be shared and used on several other devices and applications; this increases the growth of business needs. The environment created by virtualization is not restricted to any configuration physically or execution. The resources of a computer are shared logically. Hypervisors help in virtualization of hardware that is a software interact with the physical system, enabling or providing virtualized hardware environment to support multiple running operating system simultaneously utilizing one physical server. This paper explores the benefits, types and security issues of Virtualization Hypervisor in virtualized hardware environment.
 
</p></abstract><kwd-group><kwd>Virtualization</kwd><kwd> Hypervisors</kwd><kwd> Virtual Machine</kwd><kwd> Virtual Machine Monitor</kwd><kwd> Security</kwd></kwd-group></article-meta></front><body><sec id="s1"><title>1. Introduction</title><p>Virtual machine (VM) has been in existence since 1960s when IBM made the first ever VM to enable repeated interface access to a mainframe computer. Then each VM was an instance of the physical machine. It was a transparent way of enabling time-sharing and resource sharing on expensive hardware. The emerging of multiprocessing and cheaper hardware in the 1970s and 1980s almost pushed VM out of the IT world.</p><p>The increased demand for IT resources has created a vast predicament of deploying and managing IT resources in a larger scale. Cloud computing has transformed the way people use computers and how services are run. The Cloud Service Providers (CSP) are able to provide IT infrastructures to meet the demand from the cloud users by simply leasing infrastructure from the infrastructure provider. This is achieved by the infrastructure provider using virtualization, where customers of the cloud service share the same physical services that are virtualized logically. Hypervisor can be run in two ways: It can run directly on the hardware this is called the (Type-1 or the bare-metal virtualization) or it can run on top of a host machine operating system this is known as the (Typw-2 or hosted virtualization) [<xref ref-type="bibr" rid="scirp.58076-ref1">1</xref>] . The native or bare-metal hypervisor is more robust, efficient and delivers greater scalability more than a hosted hypervisor, this is because the bare-metal hypervisor has direct access to the hardware resource of the host machine rather being on top of the host machine operating system. There are a number of ways of implementing virtualization, two approaches stand out which is the Full virtualization (FV) and the Para-virtualization (PV) [<xref ref-type="bibr" rid="scirp.58076-ref2">2</xref>] . Among the different commercial Hypervisors available the XEN hypervisor or virtualization solution can host both the Full and Para-virtualization [<xref ref-type="bibr" rid="scirp.58076-ref2">2</xref>] [<xref ref-type="bibr" rid="scirp.58076-ref3">3</xref>] . The purpose of this paper is to carefully study the security issues of Virtualization Hypervisor, the types, its implementation and benefit.</p><p>This paper is organized as follows: Section 2 describes virtualization hypervisors together with its implementation; Section 3 discusses the types of hypervisor and shows comparison of various commercial hypervisor; Section 4 presents the types of virtualization; Section 5 highlights several advantages of virtualization, while Section 6 shows the security features of virtualization, and finally a conclusion.</p><p>Hypervisor also known as Virtual Machine Monitor (VMM), is the basic software for providing virtualization. Virtualization creates the environment for various operating system to run on a single node or host computer or machine. The main purpose of the hypervisor (VMM) is to monitor the Virtual Machine (VM) that runs above the VMM. This enables more than one guest machine to utilize the hardware resources of a single host machine [<xref ref-type="bibr" rid="scirp.58076-ref4">4</xref>] . Hypervisors are classified into two: Native or Bare Metal, and Hosted hypervisors. Virtualization through the implementation of VMM reduces cost, space requirement etc. There are various model of virtualization available but it all depends on the hypervisors role. The unique security features and pros of virtualization has increased the research line in virtualization [<xref ref-type="bibr" rid="scirp.58076-ref5">5</xref>] -[<xref ref-type="bibr" rid="scirp.58076-ref14">14</xref>] . Several implementations of Virtual Machine have been seen to monitor and protect operating system kernel such as: Livewire which is applied for monitoring of Malware detection [<xref ref-type="bibr" rid="scirp.58076-ref5">5</xref>] -[<xref ref-type="bibr" rid="scirp.58076-ref15">15</xref>] , SecVisor [<xref ref-type="bibr" rid="scirp.58076-ref13">13</xref>] -[<xref ref-type="bibr" rid="scirp.58076-ref15">15</xref>] , NICKLE [<xref ref-type="bibr" rid="scirp.58076-ref11">11</xref>] -[<xref ref-type="bibr" rid="scirp.58076-ref15">15</xref>] , VMwatcher [<xref ref-type="bibr" rid="scirp.58076-ref2">2</xref>] -[<xref ref-type="bibr" rid="scirp.58076-ref15">15</xref>] , Lares [<xref ref-type="bibr" rid="scirp.58076-ref4">4</xref>] -[<xref ref-type="bibr" rid="scirp.58076-ref15">15</xref>] , HookSafe [<xref ref-type="bibr" rid="scirp.58076-ref11">11</xref>] -[<xref ref-type="bibr" rid="scirp.58076-ref15">15</xref>] , and SIM [<xref ref-type="bibr" rid="scirp.58076-ref9">9</xref>] -[<xref ref-type="bibr" rid="scirp.58076-ref15">15</xref>] , they all utilize virtualization to protect the guest machines Operating system kernel integrity and the behavior of the kernel. Also some other utilizations of virtualization have been integrated into the debugging and analysis tool such as K-Tracer [<xref ref-type="bibr" rid="scirp.58076-ref6">6</xref>] - [<xref ref-type="bibr" rid="scirp.58076-ref15">15</xref>] , PoKer [<xref ref-type="bibr" rid="scirp.58076-ref8">8</xref>] - [<xref ref-type="bibr" rid="scirp.58076-ref15">15</xref>] , and After Sight [<xref ref-type="bibr" rid="scirp.58076-ref15">15</xref>] , they all examine the system and the kernel anomaly.</p><p><xref ref-type="fig" rid="fig1">Figure 1</xref> shows a virtual environment, where the hypervisor is right above the host hardware, and virtualizing guest machine with the full capability or more of the host machine.</p></sec><sec id="s2"><title>2. Virtualization Hypervisors</title><p>Virtualization enables or allows multiple applications or operations to gain access to the hardware resources/ software resources of the host machine. Virtualization is a layer between the hardware and the operating system</p><fig id="fig1"  position="float"><label><xref ref-type="fig" rid="fig1">Figure 1</xref></label><caption><title> Virtualization architecture</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x5.png"/></fig><p>and it also provides access transparency. The hypervisors also known as the Virtual Machine Monitor (VMM), manages the applications and the operating system in general. There’s a path created by the VMM which allows multiple of the same operating system to run on the host machine as well with the hypervisor managing the resources among the various operating system hardware requirement. In [<xref ref-type="bibr" rid="scirp.58076-ref16">16</xref>] , Virtual Machine originated from the PR/SM hypervisor built for IBM 370 mainframes systems in 1970. In memory virtualization, an application or software in the computer gains access to more memory than what is originally installed physically, this way other IT infrastructures can also have memory virtualization to increase productivity, efficiency, and effectiveness of the corresponding application, such infrastructure includes: networks, storage, memory, server hardware, laptop hardware, operating system and applications alike. <xref ref-type="fig" rid="fig2">Figure 2</xref> shows a host machine before virtualization; it runs a single Operating system image per machine, software and hardware resources per machine, resource are not used fully, it is not flexible and costly infrastructures, and running of more than one instance of an application on the same machine often causes conflicts of applications.</p><p><xref ref-type="fig" rid="fig3">Figure 3</xref> depicts a computer that is virtualized, that can host more than one operating system in its virtualized environment, running at the same time, and virtual machines can be deployed on any system, and it doesn’t rely on the operating system nor hardware of the host.</p><fig id="fig2"  position="float"><label><xref ref-type="fig" rid="fig2">Figure 2</xref></label><caption><title> A machine before virtualization</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x6.png"/></fig><fig id="fig3"  position="float"><label><xref ref-type="fig" rid="fig3">Figure 3</xref></label><caption><title> A machine after virtualization</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x7.png"/></fig><p>Virtual infrastructure gives administration the upper hand in handling resources put together across the enterprise at large, allowing IT managers to focus and be more responsive to changing IT needs in an organization by utilizing the power of vitalization. Virtualization can be used and implemented in many ways among which are:</p><p>a) Server Consolidation: This combines or centralizes the workloads of various physical machines that are not fully used to lesser machines that can run safely and transparently over shared hardware infrastructure and also increase the overall utilization of the server from 5% - 15% to 60% - 80% [<xref ref-type="bibr" rid="scirp.58076-ref17">17</xref>] . <xref ref-type="fig" rid="fig4">Figure 4</xref>, illustrate the server consolidation virtualization, where different physical servers are virtualized into one physical server and then virtualized as different servers, increasing its efficiency, workability, speed etc.</p><p>b) Application Consolidation: This is giving legacy or outdated applications the environment to utilize new hardware and operating system by virtualizing the new hardware and providing access to other guest machines to utilize the application.</p><p>c) Multiple Execution: Virtualization can help create more than one environment for program or application execution ad also the quality of service can be increased by ensuring that specific amount of resources is allocated appropriately.</p><p>d) Virtual Hardware: The virtualization of hardware that is unavailable to users is achieved in virtualizing hardware. Examples of such hardware are: SCSI drivers, Virtual Ethernet Adapters, Virtual Ethernet Switches, and Hubs etc. as shown in <xref ref-type="fig" rid="fig5">Figure 5</xref>.</p><p>e) Debugging: The virtual environment can help in debugging of applications or software that are complicated such as an operating system or a device driver. This is achieved by allowing the user to execute the software in a virtualized environment with all the full control of the software available in the environment, giving the programmer or developer the perfect environment for debugging.</p><p>f) Multiple Simultaneous Operating System: Virtualization enables the facility of having and running more than one operating system simultaneously, and also having different applications according to the users demands as shown in <xref ref-type="fig" rid="fig6">Figure 6</xref>. The guest machine runs on the virtualized application or software that in turn runs above</p><fig id="fig4"  position="float"><label><xref ref-type="fig" rid="fig4">Figure 4</xref></label><caption><title> Server consolidation</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x8.png"/></fig><fig id="fig5"  position="float"><label><xref ref-type="fig" rid="fig5">Figure 5</xref></label><caption><title> Hardware virtualization</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x9.png"/></fig><fig id="fig6"  position="float"><label><xref ref-type="fig" rid="fig6">Figure 6</xref></label><caption><title> Multiple operating system virtualization</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x10.png"/></fig><p>the host machine operating system.</p><p>g) Business Continuity: This is achieved by putting the entire system files into a single file that can be replicated and restored on any server. This reduces downtime.</p><p>h) Sandboxing: Virtual Machine helps in providing secure and isolated environments for applications that are less trusted in the virtualized operating system. Virtualization helps in creating a secure computing environment.</p><p>i) Software Migration: This ease the migration or moving of software form one server to another, thereby helps mobility.</p><p>Virtualization has been part of the IT environment for decades. Today, Virtual Machine can be used in any system layer ranging from hardware, operating system, high-level languages virtualization etc.</p></sec><sec id="s3"><title>3. Types of Hypervisors</title><p>Hypervisors as stated earlier is a software that manages different operating system or different instances of the same operating system in one physical computer or host machine, has two distinct types namely: Type 1: Native or bare Metal and Type 2: Hosted hypervisors.</p><sec id="s3_1"><title>3.1. Type 1: Native or Bare Metal Hypervisor</title><p>These are software that run directly above the hardware of the host machine. It also monitors the operating system that runs directly above the hypervisor and also monitors the operating system that runs on the guest machine. This is because the guest machine operating system runs on a different or isolated level that is directly above the hypervisor. Examples are Oracle VM, Microsoft Hyper-V, VMWare ESX and Xen [<xref ref-type="bibr" rid="scirp.58076-ref18">18</xref>] , as shown in <xref ref-type="fig" rid="fig7">Figure 7</xref>.</p></sec><sec id="s3_2"><title>3.2. Type 2: Hosted Hypervisor</title><p>The hypervisor is hosted or installed on an already existing operating system and it houses other operating system that is above it. In this type of hypervisor, any problem occurring with the host operating system will affect guest machine operating system that is running on the hypervisor and also it affects the hypervisor itself, although sometime the hypervisor running above the operating system might be secured but the guest operating system wouldn’t be. As shown in <xref ref-type="fig" rid="fig8">Figure 8</xref>, the hosted operating system has an additional layer above it where the hypervisor resides and a third layer is above the hypervisor. Examples of such are Oracle VM Virtual Box, VM Ware Server and Workstation, Microsoft Virtual PC, KVM, QEMU and Parallels [<xref ref-type="bibr" rid="scirp.58076-ref18">18</xref>] - [<xref ref-type="bibr" rid="scirp.58076-ref20">20</xref>] .</p><p>The hosted architecture of hypervisor, relies on host operating system for device support and physical resource management.</p><fig id="fig7"  position="float"><label><xref ref-type="fig" rid="fig7">Figure 7</xref></label><caption><title> Native or bare metal hypervisor</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x11.png"/></fig><fig id="fig8"  position="float"><label><xref ref-type="fig" rid="fig8">Figure 8</xref></label><caption><title> Hosted hypervisor</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x12.png"/></fig><p>Originally hypervisors were developed to suit server platforms, later on the virtualization of Desktop, PC operating systems were achieved. A challenge that held the virtualization of PCs operating system was the virtualization of the x86 based CPU architecture [<xref ref-type="bibr" rid="scirp.58076-ref21">21</xref>] . In virtualization, the x86 based CPU architecture a VMM is required below the host machine operating system above the hardware. <xref ref-type="table" rid="table1">Table 1</xref> Shows different commercial hypervisors with common characteristics.</p></sec></sec><sec id="s4"><title>4. Types of Virtualization</title><p>There are numerous types of virtualization available in the IT world, in the cause of this research we are going to highlight some important ones that are currently applicable.</p><table-wrap id="table1" ><label><xref ref-type="table" rid="table1">Table 1</xref></label><caption><title> Various hypervisor comparison</title></caption><table><tbody><thead><tr><th align="center" valign="middle" >Hypervisor</th><th align="center" valign="middle" >Host OS</th><th align="center" valign="middle" >Guest OS</th><th align="center" valign="middle" >Type of Hypervisor</th></tr></thead><tr><td align="center" valign="middle" >Microsoft Hyper-V</td><td align="center" valign="middle" >Windows 2008 w/Hyper-v Role, Windows Hyper-V Server</td><td align="center" valign="middle" >Windows, SUSE</td><td align="center" valign="middle" >1</td></tr><tr><td align="center" valign="middle" >KVM</td><td align="center" valign="middle" >Linux</td><td align="center" valign="middle" >Linux, Windows</td><td align="center" valign="middle" >1 - 2</td></tr><tr><td align="center" valign="middle" >Xen</td><td align="center" valign="middle" >Linux, Solaris, NetBSD</td><td align="center" valign="middle" >BSD, Linux, Solaris, Windows</td><td align="center" valign="middle" >1</td></tr><tr><td align="center" valign="middle" >VMware ESX</td><td align="center" valign="middle" >None-bare-metal</td><td align="center" valign="middle" >Window, Linux, Novell, Netware, Sun Solaris, FreeBSD</td><td align="center" valign="middle" >1</td></tr></tbody></table></table-wrap><p>a) Hardware Virtualization: This is the creation of a Virtual Machine that acts in the way of a real computer operating system. The software that’s been installed is separate from the one on the hardware infrastructure [<xref ref-type="bibr" rid="scirp.58076-ref22">22</xref>] . For example, a host machine can virtualize a guest machine running on Linux operating system with the corresponding operating system software installed on it [<xref ref-type="bibr" rid="scirp.58076-ref23">23</xref>] .</p>Types of Hardware Virtualization<p>・ Full Virtualization: In this type of virtualization, a complete look-alike of the real hardware is virtualized to allow the software (consisting of guest operating system) to function without any modification [<xref ref-type="bibr" rid="scirp.58076-ref24">24</xref>] . As shown in <xref ref-type="fig" rid="fig9">Figure 9</xref>.</p><p>・ Partial Virtualization: In this type of virtualization, not all of the host machine hardware are actually simulated (having a look-alike). This causes some programs to be modified in the guest machine to run in the virtualized environment [<xref ref-type="bibr" rid="scirp.58076-ref24">24</xref>] . This is shown in <xref ref-type="fig" rid="fig1">Figure 1</xref>0.</p><p>・ Para-Virtualization: This does not emulate the hardware environment in the software, instead it does organize the access to hardware resources in aid of the virtual machine [<xref ref-type="bibr" rid="scirp.58076-ref25">25</xref>] . The para-virtualized type of hardware virtualization offers possible performance benefits when a guest machine operating system is running in the virtualized environment with modifications done to the guest that is been virtualized [<xref ref-type="bibr" rid="scirp.58076-ref26">26</xref>] . Example of para-virtualization software is the Xen Open Source Virtualization software [<xref ref-type="bibr" rid="scirp.58076-ref25">25</xref>] [<xref ref-type="bibr" rid="scirp.58076-ref26">26</xref>] . This is shown in <xref ref-type="fig" rid="fig1">Figure 1</xref>1.</p><p>a) Application Virtualization: This is the virtualization of applications in the host machine without modifying the host machine or the OS, File System, or Registry. With the application virtualization technology, organizations can easily deploy custom/commercial applications across the organization without installation conflicts, system changes etc. some benefits of application virtualization are:</p><p>・ It ensures faster spread of the software</p><p>・ Full Portability: Applications that are virtualized can be accessed and shared from any network without the aid of a local server.</p><p>・ Increased efficiency of application deployment</p><p>・ Supportability: Virtualized application does not require modifications of administrative or security permission for installation [<xref ref-type="bibr" rid="scirp.58076-ref27">27</xref>] .</p><p><xref ref-type="fig" rid="fig1">Figure 1</xref>2 shows how application is virtualized.</p><p>b) Operating System Virtualization: In this technology the host machine desktop is totally moved from the real or physical operating system into a virtualized environment. The host machine is physically present but the virtualized operating system is hosted in another server elsewhere. Users of the virtualized operating system can conduct various kind of modification on their copy of the visualized operating system without other virtualized OS been affected [<xref ref-type="bibr" rid="scirp.58076-ref28">28</xref>] . <xref ref-type="fig" rid="fig1">Figure 1</xref>3 depicts how a virtual operating system is achieved. The host machine houses the host operating system, while the virtualized software runs just above the host operating system, and the virtualized OS is deployed above the virtualization software.</p><p>c) Nested Virtualization: This virtualization architecture enables the deployment of a virtual machine within another virtual machine [<xref ref-type="bibr" rid="scirp.58076-ref29">29</xref>] that is the running of one or more hypervisor within another hypervisor [<xref ref-type="bibr" rid="scirp.58076-ref30">30</xref>] . In nested virtualization, the hypervisor that is on the host machine is known as Level 0 or L 0; the hypervisor that runs on the guest machine LO is known as Level 1 or L 1; while the hypervisor that runs on the L 1 is known as the Level 2 or L 2 [<xref ref-type="bibr" rid="scirp.58076-ref31">31</xref>] . <xref ref-type="fig" rid="fig1">Figure 1</xref>4 illustrates the nested virtualization whereby one machine can host several server virtually.</p><p>d) Memory Virtualization: Memory virtualization enables applications to take advantage of a shared memory</p><fig id="fig9"  position="float"><label><xref ref-type="fig" rid="fig9">Figure 9</xref></label><caption><title> Full virtualization</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x13.png"/></fig><fig id="fig10"  position="float"><label><xref ref-type="fig" rid="fig1">Figure 1</xref>0</label><caption><title> Partial virtualization</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x14.png"/></fig><fig id="fig11"  position="float"><label><xref ref-type="fig" rid="fig1">Figure 1</xref>1</label><caption><title> Para-virtualization</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x15.png"/></fig><fig id="fig12"  position="float"><label><xref ref-type="fig" rid="fig1">Figure 1</xref>2</label><caption><title> Application virtualization</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x16.png"/></fig><fig id="fig13"  position="float"><label><xref ref-type="fig" rid="fig1">Figure 1</xref>3</label><caption><title> Operating system virtualization</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x17.png"/></fig><fig id="fig14"  position="float"><label><xref ref-type="fig" rid="fig1">Figure 1</xref>4</label><caption><title> Nested virtualization</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x18.png"/></fig><p>pool to increase overall performance, usability, memory efficiency usage, stability etc. The memory virtualization shares a large pool of physical memory from more than one machine logically or virtually for applications to use [<xref ref-type="bibr" rid="scirp.58076-ref32">32</xref>] . <xref ref-type="fig" rid="fig1">Figure 1</xref>5 shows memory virtualization process from the host machine to the guest machine and to the application running in the guest machine (virtualized machine).</p><p>Some benefit of memory virtualization includes [<xref ref-type="bibr" rid="scirp.58076-ref32">32</xref>] :</p><p>・ It improves the utilization of memory through the sharing of resources that are scarce.</p><p>・ It increases the overall efficiency and reduces the run time data intensive application.</p><p>・ It enables applications that run on various sever to share data without the reduction or decrease of the total memory needs.</p><p>・ It provides faster access and reduces latency.</p><p><xref ref-type="fig" rid="fig1">Figure 1</xref>6 shows how an operating system connects to a memory pool and make available the pool memory to applications [<xref ref-type="bibr" rid="scirp.58076-ref32">32</xref>] .</p></sec><sec id="s5"><title>5. Advantages of Virtualization</title><p>・ Security: A security breach on one of the virtual machines does not affect the other VM because of isolation. This is achieved by the different compact environment that have different or separate security measures in the</p><fig id="fig15"  position="float"><label><xref ref-type="fig" rid="fig1">Figure 1</xref>5</label><caption><title> Memory virtualization</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x19.png"/></fig><fig id="fig16"  position="float"><label><xref ref-type="fig" rid="fig1">Figure 1</xref>6</label><caption><title> Memory pool virtualization</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x20.png"/></fig><p>different guest machines.</p><p>・ Reliability and Availability: When there’s a software failure in one virtual machine or guest machine, it doesn’t affect other virtual machines.</p><p>・ Cost: Virtualization is cost effective by combining small servers to secure a more powerful server. The cost effectiveness of virtualization runs down to the hardware, operations (man power), floor space, and software licenses. The cost reduction created from virtual machine ranges from 29% to 64% [<xref ref-type="bibr" rid="scirp.58076-ref33">33</xref>] .</p><p>・ Adaptability to Workload Differences: In virtualization when workload changes or varies, the workload degree can be optimized easily by shifting the resources and priority allocations between or among virtual machines [<xref ref-type="bibr" rid="scirp.58076-ref33">33</xref>] . Processors can also be moved from one virtual machine to another [<xref ref-type="bibr" rid="scirp.58076-ref34">34</xref>] .</p><p>・ Load Balancing: The software state of a VM is relatively condensed by the hypervisor, this makes it possible for migration of the entire virtual machine to another platform, it improves load balancing [<xref ref-type="bibr" rid="scirp.58076-ref35">35</xref>] .</p><p>・ Legacy Applications: This enables the running of legacy applications on old OD in the guest machines. For example if an enterprise decides to migrate to a different OS, it is possible to maintain the old legacy applications on the old VM or guest machine.</p></sec><sec id="s6"><title>6. Virtualization Security</title><p>In a virtualized environment, various guest machines have liberated security zones which are not accessible from other VMs that also have their own security zone. Hypervisors also have their own security zone because it is the main controller of what happens inside the virtualization environment of the host machine. The functioning of a VM host can be affected by a hypervisor [<xref ref-type="bibr" rid="scirp.58076-ref36">36</xref>] . Multiple zones are available in a VM, all these zones occur within the same physical infrastructure. This can create a security problem when the hypervisor is attacked and is taken over by the attacker. When such attack is successful, the attacker gains full control over every data that’s in the hypervisor environment. Another security problem is the access of the hypervisor from a guest machine or a VM level [<xref ref-type="bibr" rid="scirp.58076-ref37">37</xref>] .</p><sec id="s6_1"><title>6.1. Abstraction</title><p>In Virtual Machine, the abstraction level adds additional security to the hypervisor. The OS restrict hardware access in VM by abstracting the hardware details. This is the reason why the same OS can be initiated on two machines with different configurations. VM creates an abstraction of the hardware and OS. <xref ref-type="fig" rid="fig1">Figure 1</xref>7 shows, the guest OS running inside a VM, can’t tell the host machine OS or hardware configuration at all.</p><p>Because hypervisors are much simpler in operation than the native or traditional OS, it is much easier to secure [<xref ref-type="bibr" rid="scirp.58076-ref38">38</xref>] .</p></sec><sec id="s6_2"><title>6.2. Isolation</title><p>The hypervisor create segments of the physical resources and isolates them allowing each guest machine to run self-sufficiently. If an attack occurs on the VM it wouldn’t affect other guest machines on the VMM or the host machine OS. The isolation of VM gives an additional level of security to the VM. When a Virtual Machine is compromised the hypervisor can restore the VM to an earlier state before the attack was done.</p></sec><sec id="s6_3"><title>6.3. State Restore</title><p>Virtual Machines are capable of restoring a guest OS to an earlier time. On a time interval VMs take snapshot of the content in the virtual disk. State restore helps to guarantee data integrity and act as a virus removal.</p></sec><sec id="s6_4"><title>6.4. External Monitoring</title><p>Virtual Machines run on separate hardware resource, this makes it possible to detect malicious software outside the VM unlike the physical installation of OS on a host, which requires an antivirus for protection. The hypervisor monitors the VM or a special Virtual machine that can view the systems activity and check for anomaly. <xref ref-type="fig" rid="fig1">Figure 1</xref>8 illustrates how a dedicated VM is used to monitor the activities of other VMs.</p><p>These dedicated monitors are used in intrusion detection system, integrity check, forensic analysis, etc. [<xref ref-type="bibr" rid="scirp.58076-ref39">39</xref>] .</p><p>Some other security benefits of virtualization are:</p><p>・ The centralized storage used in virtual machine environments prevents loss of data when a device is either</p><fig id="fig17"  position="float"><label><xref ref-type="fig" rid="fig1">Figure 1</xref>7</label><caption><title> Abstraction of physical resources</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x21.png"/></fig><fig id="fig18"  position="float"><label><xref ref-type="fig" rid="fig1">Figure 1</xref>8</label><caption><title> Dedicated external monitor</title></caption><graphic mimetype="image"   position="float"  xlink:type="simple"  xlink:href="http://html.scirp.org/file/2-9701986x22.png"/></fig><p>lost or compromised.</p><p>・ Virtual Machine provides flexibility.</p><p>・ Reduction of physical hardware due to virtualization, reduces security risks because of few data centers.</p><p>・ Server virtualization can lead to better handling of threat due to its ability to roll back to a working state before the attack or threat occurred.</p><p>・ Desktop Virtualization helps to better control the virtualization environment. A better control of the OS is done using desktop virtualization to meet organizational needs.</p><p>・ Virtual Switches is not open to inter-switch link tagging attacks because they does not carry out dynamic trunking; double encapsulation packets are dropped by the virtual switch, this prevents the double encapsulation attacks; virtual switch does not allow data packets to live its route or domain so that brute force attack does not work on them.</p></sec></sec><sec id="s7"><title>7. Conclusions</title><p>Today IT has expanded, the cloud environment runs various virtual machines for their infrastructure and applications. We discussed on the various type of virtualization that are available in the virtual environment, of which some are: Hardware virtualization, Application Virtualization, Memory Virtualization, Operating System Virtualization etc. These types of virtualization help in the utilization of virtualized resources or infrastructure. Also, in this research we found out the types of hypervisors and how they are deployed in the virtualized environment; the Native or Bare Metal Hypervisor runs directly on the host machine hardware, and the Hosted Hypervisor runs on a traditional OS or the host machine OS. A comparative table was drawn to show the differences and similarities between some commercial hypervisors available.</p><p>Virtualization technologies deliver numerous vital features that make it a powerful tool to be used in a wide array of applications. Some of them are server consolidation, application sandboxing, access to varieties of hardware and OS, debugging, mobile computing, packaging (for appliances), testing, easy system administration, and quality of service. These important features gave virtualization a widespread research area in academia as well as industry. Our future research would focus on mainly on the security challenges of Virtualization Hypervisors and how these challenges can be solved correspondingly.</p></sec><sec id="s8"><title>Cite this paper</title><p>Gabriel CephasObasuyi,ArifSari, (2015) Security Challenges of Virtualization Hypervisors in Virtualized Hardware Environment. International Journal of Communications, Network and System Sciences,08,260-273. doi: 10.4236/ijcns.2015.87026</p></sec></body><back><ref-list><title>References</title><ref id="scirp.58076-ref1"><label>1</label><mixed-citation publication-type="other" xlink:type="simple">Gu, Z.H. and Zhao, Q.L. (2012) A State-of-the-Art Survey on Real-Time Issues in Embedded Systems Virtualization. Journal of Software Engineering and Applications, 5, 277-290. http://dx.doi.org/10.4236/jsea.2012.54033</mixed-citation></ref><ref id="scirp.58076-ref2"><label>2</label><mixed-citation publication-type="other" xlink:type="simple">VMWare (2007) Understanding Full Virtualization, Paravirtualization and Hardware Assist. http://www.vmware.com/files/pdf/VMware_paravirtualization.pdf</mixed-citation></ref><ref id="scirp.58076-ref3"><label>3</label><mixed-citation publication-type="other" xlink:type="simple">Fayyad-Kazan, H., Perneel, L. and Timmerman, M. (2013) Full and Para-Virtualization with Xen: A Performance Comparison. Journal of Emerging Trends in Computing and Information Sciences, 4, 719-727.</mixed-citation></ref><ref id="scirp.58076-ref4"><label>4</label><mixed-citation publication-type="other" xlink:type="simple">Expert Glossary. http://www.expertglossary.com/virtualization/definition/hypervisor</mixed-citation></ref><ref id="scirp.58076-ref5"><label>5</label><mixed-citation publication-type="other" xlink:type="simple">Riley, R., Jiang, X. and Xu, D. (2008) Guest-Transparent Prevention of Kernel Rootkits with VMM-Based Memory Shadowing. Proceedings of the 11th Recent Advances in Intrusion Detection, 5230, 1-20. http://dx.doi.org/10.1007/978-3-540-87403-4_1</mixed-citation></ref><ref id="scirp.58076-ref6"><label>6</label><mixed-citation publication-type="other" xlink:type="simple">Jiang, X., Wang, X. and Xu, D. (2007) Stealthy Malware Detection through VMM-Based “Out-Of-the-Box” Semantic View Reconstruction. Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, VA, 29 October-2 November 2007, 128-138. http://dx.doi.org/10.1145/1315245.1315262</mixed-citation></ref><ref id="scirp.58076-ref7"><label>7</label><mixed-citation publication-type="other" xlink:type="simple">Lanzi, A., Sharif, M. and Lee, W. (2009) K-Tracer: A System for Extracting Kernel Malware Behavior. Proceedings of the 16th Network and Distributed System Security Symposium, San Diego, February 2009, 83-91.</mixed-citation></ref><ref id="scirp.58076-ref8"><label>8</label><mixed-citation publication-type="other" xlink:type="simple">Payne, B.D., Carbone, M., Sharif, M.I. and Lee, W. (2008) Lares: An Architecture for Secure Active Monitoring Using Virtualization. Proceedings of the 29th IEEE Symposium on Security and Privacy, Oakland, CA, 18-22 May 2008, 233-247.</mixed-citation></ref><ref id="scirp.58076-ref9"><label>9</label><mixed-citation publication-type="other" xlink:type="simple">Rhee, J. and Xu, D. (2010) LiveDM: Temporal Mapping of Dynamic Kernel Memory for Dynamic Kernel Malware Analysis and Debugging. Tech. Rep. 2010-02, CERIAS.</mixed-citation></ref><ref id="scirp.58076-ref10"><label>10</label><mixed-citation publication-type="other" xlink:type="simple">Riley, R., Jiang, X. and Xu, D. (2009) Multi-Aspect Profiling of Kernel Rootkit Behavior. Proceedings of the 4th ACM European Conference on Computer Systems, Nuremberg, 1-3 April 2009, 47-60. http://dx.doi.org/10.1145/1519065.1519072</mixed-citation></ref><ref id="scirp.58076-ref11"><label>11</label><mixed-citation publication-type="other" xlink:type="simple">Seshadri, A., Luk, M., Qu, N. and Perrig, A. (2007) SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes. Proceedings of the 21st ACM Symposium on Operating Systems Principles, Stevenson, 14-17 October 2007, 335-350. http://dx.doi.org/10.1145/1294261.1294294</mixed-citation></ref><ref id="scirp.58076-ref12"><label>12</label><mixed-citation publication-type="other" xlink:type="simple">Sharif, M., Lee, W., Cui, W. and Lanzi, A. (2009) Secure In-VM Monitoring Using Hardware Virtualization. Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, 9-13 November 2009, 477-487. http://dx.doi.org/10.1145/1653662.1653720</mixed-citation></ref><ref id="scirp.58076-ref13"><label>13</label><mixed-citation publication-type="other" xlink:type="simple">Wang, Z., Jiang, X., Cui, W. and Ning, P. (2009) Countering Kernel Rootkits with Lightweight Hook Protection. Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, 9-13 November 2009, 545-554. http://dx.doi.org/10.1145/1653662.1653728</mixed-citation></ref><ref id="scirp.58076-ref14"><label>14</label><mixed-citation publication-type="other" xlink:type="simple">Yin, H., Liang, Z. and Song, D. (2008) HookFinder: Identifying and Understanding Malware Hooking Behaviors. Proceedings of the 16th Network and Distributed System Security Symposium, San Diego, 8-11 February 2008, 1-16.</mixed-citation></ref><ref id="scirp.58076-ref15"><label>15</label><mixed-citation publication-type="other" xlink:type="simple">Chow, J., Garfinkel, T. and Chen, P.M. (2008) Decoupling Dynamic Program Analysis from Execution in Virtual Environments. Proceedings of the 2008 USENIX Annual Technical Conference, Boston, 22-27 June 2008, 1-14.</mixed-citation></ref><ref id="scirp.58076-ref16"><label>16</label><mixed-citation publication-type="other" xlink:type="simple">Windows Server 2008 Hyper-V Technical Overview.http://www.google.com/url?sa=t&amp;source=web&amp;cd=1&amp;ved=0CBcQFjAA&amp;url=http%3A%2F%2Fdownlo 
ad.microsoft.com%2Fdownload%2F4%2F2%2Fb%2F42bea8d6-9c77-4db8-b405-6bffce59b157%2F 
HyperV%2520Technical%2520Overview.docx&amp;rct=j&amp;q=hyper%20technical%20overview&amp;ei=nARTZH 
9K_O10QHoneDfDg&amp;usg=AFQjCNFLYm3D9izTVMzHZ_Nbe87WtEbAVg&amp;cad=rja/</mixed-citation></ref><ref id="scirp.58076-ref17"><label>17</label><mixed-citation publication-type="other" xlink:type="simple">www.vmware.com.</mixed-citation></ref><ref id="scirp.58076-ref18"><label>18</label><mixed-citation publication-type="other" xlink:type="simple">https://docs.oracle.com/cd/E20065_01/doc.30/e18549/intro.htm.</mixed-citation></ref><ref id="scirp.58076-ref19"><label>19</label><mixed-citation publication-type="other" xlink:type="simple">Rosenblum, M. and Garnkel, T. (2005) Virtual Machine Monitors: Current Technology and Future Trends. Computer, 38, 39-47.</mixed-citation></ref><ref id="scirp.58076-ref20"><label>20</label><mixed-citation publication-type="other" xlink:type="simple">Zhao, X., Borders, K. and Prakash, A. (2009) Virtual Machine Security System. Advances in Computer Science and Engineering, 1, 339-365.</mixed-citation></ref><ref id="scirp.58076-ref21"><label>21</label><mixed-citation publication-type="other" xlink:type="simple">Wang, Z., Jiang, X.X., Cui, W.D. and Ning, P. (2009) Countering Kernel Rootkits with Lightweight Hook Protection. Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, 9-13 November 2009, 545-554. http://dx.doi.org/10.1145/1653662.1653728</mixed-citation></ref><ref id="scirp.58076-ref22"><label>22</label><mixed-citation publication-type="other" xlink:type="simple">Virtualization in Education. IBM, October 2007.</mixed-citation></ref><ref id="scirp.58076-ref23"><label>23</label><mixed-citation publication-type="other" xlink:type="simple">http://en.wikipedia.org/wiki/Virtualization</mixed-citation></ref><ref id="scirp.58076-ref24"><label>24</label><mixed-citation publication-type="other" xlink:type="simple">http://securitywing.com/types-virtualization-technology/</mixed-citation></ref><ref id="scirp.58076-ref25"><label>25</label><mixed-citation publication-type="other" xlink:type="simple">http://www.vmware.com/solutions/technology</mixed-citation></ref><ref id="scirp.58076-ref26"><label>26</label><mixed-citation publication-type="other" xlink:type="simple">www.vmware.com%2Ffiles%2Fpdf%2Fapplication-virtualization-vmware-thinapp.pdf</mixed-citation></ref><ref id="scirp.58076-ref27"><label>27</label><mixed-citation publication-type="other" xlink:type="simple">http://www.techadvisory.org/2013/07/4-types-of-virtualization-defined.</mixed-citation></ref><ref id="scirp.58076-ref28"><label>28</label><mixed-citation publication-type="other" xlink:type="simple">http://en.wikipedia.org/wiki/Virtualization#Desktop_virtualization.</mixed-citation></ref><ref id="scirp.58076-ref29"><label>29</label><mixed-citation publication-type="other" xlink:type="simple">http://wiki.xenproject.org/wiki/Nested_Virtualization_in_Xen</mixed-citation></ref><ref id="scirp.58076-ref30"><label>30</label><mixed-citation publication-type="other" xlink:type="simple">VMware, Consolidating Mission Critical Servers. www.vmware.com/solutions/consolidation/mission critical.html</mixed-citation></ref><ref id="scirp.58076-ref31"><label>31</label><mixed-citation publication-type="other" xlink:type="simple">http://en.wikipedia.org/wiki/Memory_virtualization</mixed-citation></ref><ref id="scirp.58076-ref32"><label>32</label><mixed-citation publication-type="other" xlink:type="simple">Wasserman, O. and Hat, R. (2013) Nested Virtualization: Shadow Turtles. KVM Forum.</mixed-citation></ref><ref id="scirp.58076-ref33"><label>33</label><mixed-citation publication-type="other" xlink:type="simple">Uhlig, R., Neiger, G., Rodgers, D., Santoni, A.L., Martins, F.C.M., Anderson, A.V., et al. (2005) Intel Virtualization Technology. Computer, 38, 48-56. http://dx.doi.org/10.1109/mc.2005.163</mixed-citation></ref><ref id="scirp.58076-ref34"><label>34</label><mixed-citation publication-type="other" xlink:type="simple">Texiwill, G. (2009) Is Network Security the Major Component of Virtualization Security?</mixed-citation></ref><ref id="scirp.58076-ref35"><label>35</label><mixed-citation publication-type="other" xlink:type="simple">Bennani, M.N. and Menasce, D.A. (2005) Resource Allocation for Autonomic Data Centers Using Analytic Performance Models. Proceedings of the 2005 IEEE International Conference on Autonomic Computing, Seattle, 13-16 June 2005, 224-240. http://dx.doi.org/10.1109/icac.2005.50</mixed-citation></ref><ref id="scirp.58076-ref36"><label>36</label><mixed-citation publication-type="other" xlink:type="simple">Sarna, D.E.Y. (2011) Implementing and Developing Cloud Computing Applications. Taylor and Francis Group, LLC, CRC Press, Boca Raton.</mixed-citation></ref><ref id="scirp.58076-ref37"><label>37</label><mixed-citation publication-type="other" xlink:type="simple">Litty, L. (2005) Hypervisor-Based Intrusion Detection. Master’s Thesis, Department of Computer Science, University of Toronto, Toronto.</mixed-citation></ref><ref id="scirp.58076-ref38"><label>38</label><mixed-citation publication-type="other" xlink:type="simple">Sabahi, F. (2011) Intrusion Detection Techniques Performance in Cloud Environments. Proceedings of the Conference on Computer Design and Engineering, Kuala Lumpur, 12-14 August 2011, 398-402.http://dx.doi.org/10.1115/1.859797.paper64</mixed-citation></ref><ref id="scirp.58076-ref39"><label>39</label><mixed-citation publication-type="other" xlink:type="simple">Gu, Z.H. and Zhao, Q.L. (2012) A State-of-the-Art Survey on Real-Time Issues in Embedded Systems Virtualization. Journal of Software Engineering and Applications, 5, 277-290.</mixed-citation></ref></ref-list></back></article>