We found the following possible security threats in virtualized environments that are emerging .

The first is called the Blue Pill. This occurs when a virtual machine masquerades as a hypervisor by installing itself on a host machine. As a result, resource allocations and interactions between virtual OS instances are controlled by the virtual machine acting as an imposter.

Another threat is called SubVirt, which is a VM rootkil that positions itself on the physical machine. It then monitors and records the activity of the VM. As a result, it disguises when the system is compromised and also may involve other threatening programs like spyware or keystroke loggers.

The third threat is Denial-of-Service. This is a virtual machine infrastructure attack that allows a single or multiple VMs to consume all of the resources that are contained within the host machine. Thus, these resources would not be available for other VMs.

The last threat is a Trojan. In this case, a hacker compromises the virtual machine manager, which allows them to control the applications and operating systems that are found on the machines, which is generally not addressed by anti-virus software (article link).

Based on the research we found, the responsibility to manage these threats should not only be on the consumer’s side but also with virtualization vendors. Companies that implement virtualization may be hesitant to implement their own comprehensive security measures because of the complexity involved and difficulty in managing risks yet unknown. Ideally, virtualization vendors and security professionals need to work hand in hand to address security in this ubiquitous environment.

In our next blog we will provide a consumer’s perspective on implementing virtualization.