Security consideration for virtualization

by Carl Gebhardt and Allan Tomlinson

Abstract:

Virtualization is not a new technology, but has recently experienced a resurgence
of interest among industry and research. New products and technologies are emerging
quickly, and are being deployed with little considerations to security concerns. 
It is vital to understand that virtualization does not improve security by default. 
Hence, any aspect of virtualization needs to undergo constant security analysis 
and audit. Virtualization is a changeable and very dynamic field with an uncertain
outcome. In this paper we outline the security model of hypervisors and illustrate 
the significance of ongoing security analysis by describing different state of the 
art threat models. Finally, we provide recommendations and design considerations 
for a more secure virtual infrastructure.