Michael Klim – Online Privacy Guide: Protecting your privacy is to protect your freedom. » Podcast
from Online Privacy Guide: Protecting your privacy is to protect your freedom. » Podcast
Price: USD 0
View Details about Michael Klim
A number of security research projects have been undertaken into gaining an insight into the security vulnerabilities associated with platform specific virtualisation technologies and / or the hosting of one operating system environment on another. There has arguably been less focused research into resource specific virtualisation issues, and the allocation of specific system resources (e.g. storage and memory areas, name spaces etc.). The race for the discovery of undisclosed security vulnerabilities and software bugs with popular platform virtualisation environments (most notably those produced by VMWare Inc.) has led to a situation whereby physical virtualised resources have been largely stricken from the collective consideration of the security research community.
In this series of six independent technical articles from Orthus we will present an overview of much of the platform focused research that has already been undertaken, what differentiates this from resource specific issues and considerations. As increased numbers of enterprises move towards adoption of virtualised resource technologies, and infrastructure associated with critical national security and industrial control systems also adopt these technologies, the risk exposures increase, and it is of vital significance that security research efforts are focused upon these technologies.
Many modern computing environments are sufficiently powerful to support the use of platform virtualisation technologies to facilitate the deployment of virtual machine instances which utilise a separate Operating System. Depending upon deployment requirements (and indeed the hardware and software vendors selected to facilitate such deployments) a platform specific virtualised environment may consist of some (or all) of the following components: virtual machine instances, guest and host Operating Systems, virtual machine monitors (VMMs), the virtual machine environment (VME) itself, in addition to hardware.
A variety of protection mechanisms may also be employed which range from hypervisors to appliances. As discussed in the abstract, a considerable amount of focused security research has been undertaken concerning platform virtualisation technologies however as of the time of writing, little attention has been directed towards virtualised resource platforms. This is not to imply that these technologies are not receiving the attentions of researcher owing to the rarity of their deployment.
The use of virtualised resources is a growing trend, and they can be found operating in many computing environments, including the financial, governmental, health care, and military sectors. Additionally, popular vendors of SCADA based systems and software, PROCSYS and Wonderware allow for their technologies to be scaled and deployed within virtual resources.
A number of specific business drivers may be utilised when making the decision to deploy virtualised resources, however there is a common misconception that the deployment of such assets will lead to increased productivity and reduced costs. Regardless of deployment drivers, the use of virtualised resources and a move away from the notion of network based computing models (e.g. the computer is the network, and the network is at its best, when distributed) is a growing trend that has arguably received little attention from security researchers to date.
Most technical and business staff in enterprise environments understand the difficulties inherent in securing distributed environments, however the ugly kernel remains that in relation to virtualised resources the scope and impacts of security threats are rarely fully understand and addressed.
SECURITY IN VIRTUALISED ENVIRONMENTS
Prior to discussing the security threats and vulnerabilities that face virtualised technologies (be they platform or resource specific) the elements that constitute a secure environment should first be considered. Virtualised technologies arguably have a number of distinct elements that need to exist for them to be classified as secure. A number of researchers have focused their attentions towards defining these, most notably, Reiner Sailer et al of IBM, in the paper ‘sHype: Secure Hypervisor Approach to Trusted Virtualized Systems’[i].
A number of constituent security goals are defined by Sailer at al, as forming secure virtualised environments, namely:
Strong isolation guarantees between multiple partitions Controlled sharing (communication and co-operation) among partitions Platform and partition integrity guarantees Platform and partition content attestation Resource accounting and control Secure services (e.g. auditing)
These elements are an excellent starting point however they disregard a number of key requirements from a security perspective. Although Sailer et al recognise the need for isolation and separation between virtual machine partitions this should arguably also be applied to processes and users. From a security perspective it is also imperative to ensure that not only is controlled sharing enforced for partitions but also those resources they may access (such as memory).
Additionally, although the necessity of auditing is recognised, the value of virtualisation lies in its inherent flexibility and, and this too should be considered especially with regards secure and scaleable deployments. Regardless of the theory of what constitutes a secure virtual machine environment, the reality remains that at present many environments are anything but.
A number of security research groups and individuals are conducting research into bypassing the security restrictions in place within virtual machine environments, and as highlighted in the abstract for this paper this has proved a fertile area. A number of security vulnerabilities have been highlighted in products issued by VMware Inc over recent years, and this is a trend that doubtless will continue. The VMware product suite (i.e. VMware Server, VMware Player, VMware Workstation etc.) or elements thereof, is widely deployed in many environments, and importantly comparatively inexpensive to obtain. Regardless of the individual vendor however, virtualised platform specific vulnerabilities can loosely be classed into three major groupings, namely:
Virtual machine / environment detection Virtual machine / environment protection bypasses Virtual machine /environment destruction
In our next and second article of six we will explore how the first of these j
[i] sHype: Secure Hypervisor Approach to Trusted Virtualized Systems; Reiner Sailer, Enriquillo Valdez, Trent Jaeger, Roland Perez, Leendert van Doorn, John Linwood Griffin, Stefan Berger. IBM Research Division. February 2005.
Sean Bennett is Commercial Director at Orthus, a leading professional services firm focused on helping organisations globally to manage risk and secure technical environments. If you need any advice or assistance with securing your virtualised platform visit www.orthus.com
Article from articlesbase.com
Democracy, Up Close and Personal: A Pocket Guide to the U.S. Constitution
New York, NY (PRWEB) February 7, 2011
What does the Constitution mean? It is the cornerstone of our democracy, but many of the available portable versions don’t include the information to help us understand it. Pearson’s new A Pocket Guide to the U.S. Constitution, by Andrew B. Arnold, remedies this situation by explaining, in straightforward terms, the significance and history of each clause and amendment. In a portable format, readers are equipped with the knowledge and vocabulary necessary to pursue in more depth the topics that interest them most.
The Constitution gains much of its meaning through the ways that it has been interpreted by the Supreme Court, and A Pocket Guide lists the key opinions that give the document’s provisions the force of specific law. Focusing on how the meaning of the Constitution has changed through history in response to a changing nation, Arnold explains the Commerce Clause, the Takings Clause, the Establishment Clause, and the other named clauses that many politicians, news writers, and professors assume Americans already understand.
“The Constitution is not just a matter of scholarly or legal debate; it is part of the way Americans live, and many of the available versions leave out the names of articles, sections, and clauses,” said Arnold. “This book does not tell readers what the Constitution ought to mean, but what it has meant. It is a place to begin to understand the U.S. Constitution, and a guide to answer basic questions that arise day to day, or in a classroom, or in the course of reading more in-depth books on the subject.”
About the Author
Andrew B. Arnold teaches Constitutional History at Kutztown University of Pennsylvania, as well as other courses. A specialist in U.S. labor and business history, his ongoing research focuses on the Gilded Age coal and railroad industries. Early in his career, he was asked to develop an advanced college-level course in Constitutional History. Frustrated by the lack of a basic, pocket-sized reference for his students, he wrote this book to help them gain a mastery of the Constitution as a document in itself.
About Pearson Learning Solutions
Pearson Learning Solutions is a business unit within Pearson (NYSE: PSO) the world’s leading learning company. As an education partner and consultant to higher education institutions, Pearson Learning Solutions is committed to designing total, client-driven education solutions. We are a team of world-class education experts, instructional designers, curriculum development experts, education course writers, development editors and experienced textbook publishers. We tailor solutions to each institution’s individual needs, including off-the-shelf online, in-classroom or blended courses, or fully customized curriculum development. We also provide a range of technology tools and learning platforms to help students, faculty and institutions succeed. For more information, visit http://www.pearsonlearningsolutions.com/.
, Vocus PRW Holdings, LLC.
Vocus, PRWeb, and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.
Related The Constitution Press Releases
Freedom of Information eBay auctions you should keep an eye on:
[wprebay kw=”freedom+of+information” num=”20″ ebcat=”-1″]
[wprebay kw=”freedom+of+information” num=”21″ ebcat=”-1″]
[wprebay kw=”freedom+of+information” num=”22″ ebcat=”-1″]
The first and only one of its kind, the Abu Dhabi Job Guide walks you through searching, preparing, applying and securing a job in Abu Dhabi to start building a brighter and more secure future for you and your family.
Securing a Job in Abu Dhabi – The Abu Dhabi Job Guide
Tax Guide for Internet Marketers, Affiliates, Ecommerce, Drop Shippers, Domainers, Domain Investors, Domain Traders. Don’t get hit with a huge Tax Bill that could have been avoided! Don’t get forced to hold a Fire Sale to get out of a tax jam!
Internet Marketing Tax Guide
Home security, Alarm Systems, Security Cameras, Security Video Systems, door security, Locks and much more, Secret Hidden Bookcase Door how to build plans, Home Security guide designed To Protect Homeowners and real estate. Baby child Safety Guide.
Ultimate Guide To Home Security and Alarm Systems.
How To Slash Your Taxes Quickly, Easily And Legally.
Ultimate Tax Reduction Guide.