Overheard: Word of the Day

A Whatis.com blog

» VIEW ALL POSTS Apr 29 2009   3:55PM GMT

VM escape – using the hypervisor as an attack vector



Posted by: Margaret Rouse
Tags:
botnet
DMZ
hypervisor
Security
Virtualization
zombie army
posey Granted, no virtual machine escape hacks exist today, but if the IT security experts are right and this type of attack is eventually developed, then virtualized servers in the DMZ are basically sitting ducks.

Brien M. Posey, Virtual servers no escape from IT security management concerns

Today’s WhatIs.com Word of the Day is virtual machine escape.  In theory, an attacker could get access to the hypervisor (if it was mis-configured or had some other vulnerability) and use it to control all the other virtual machines on the host.

Bob Plankers explains more in What is VM Escape?:

Since the hypervisor controls the execution of all of the virtual machines, an attacker that can gain access to the hypervisor can then gain control over every other virtual machine running on the host. Because the hypervisor is between the physical hardware and the guest operating system, an attacker will then be able to circumvent security controls in place on the virtual machine.

Can you image the power of a zombie army that included an almost infinite number of virtual machines?  An army that once established, had the power to create new soldiers (VMs) which one click?  Holy moly.  Big money there.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: