Virtual Machine Monitoring (VMM) is a software program that enables the creation, management and governance of virtual machines (VM) and manages the operation of a virtualized environment on top of a physical host machine.
When VM Monitoring is enabled, the VM Monitoring service evaluates whether each virtual machine is in the cluster and up and running by checking for regular heartbeats and I/O activity from the processes running inside the guest. If there are no heartbeats or I/O activity received, this is probably because the guest operating system has failed. In this case, VM Monitoring service determines that the virtual machine has failed, and the virtual machine is rebooted to restore service.
Monitoring of the virtual machines with high security is always important, especially in the environments with hundreds of machines running on dozens of physical servers. There are several security challenges in Virtual Machine Monitoring.
SaaS security challenges:
• Hypervisor security challenges
• Cross-side channel attacks between VMs.
Security issues in cloud environment:
Resources, such as servers, networks, and so on, are provided by IaaS in the form of virtualized systems. These systems are accessed through the Internet. The biggest security threats to cloud are:
• Data breaches
• Data loss with no back up
• Insider threats
• DDoS attacks
• Insecure APIs
• Account hijacking
Cross VM Side channel attacks:
Attackers can use security gaps to attack any component that may have an effect on other components. Attacks can take place through the major vulnerabilities identified in hypervisors.
• VM Hopping is an attack that can have an effect on denial of service, which makes resources unavailable to the user.
• VM Escape is a vulnerability that allows guest-level VM to attack its host.
• VM Mobility is when a VM can move from one physical host to another.
• Encryption and key management
• Encryption of data-at-rest (encrypting the data on desk storage that protects data from illegal usage)
• Encryption of data-at-transit (encrypting the confidential information such)
• Encryption of data on backup media (external or internal storage)
• Access control mechanisms
• Virtual trusted platform module (vTPM)
• Each VM has its associated vTPM instance that emulates the TPM functionality to extend the chain of trust from the physical TPM to each vTPM via careful management of signing keys and certificates.
• Virtual firewall (VF)
• It is a service running in virtualized environment which provides usual packet filtering and monitoring services that a physical firewall provides.
• Trusted virtual domains
• It is a security technique that groups the related VMs running on separate physical machine into a single network domain with a unified security policy.