« Previous 1 2 3
Avoiding KVM configuration errors
Active Separation
A Study as a Source
The security of KVM-based virtualization can certainly be considered highly complex, which is why I have only singled out a few, albeit very central, issues. The material comes from a 2016 security analysis performed by OpenSource Security Ralf Spenneberg [8] on behalf of The German Federal Office for Information Security [9]. The company not only investigated the security of KVM itself, but also of its ecosystem, consisting of Qemu and libvirt, as well as network-based data storage with Ceph and GlusterFS. The study is due to be published soon.
Infos
- KVM: https://www.linux-kvm.org
- Qemu: http://www.qemu-project.org
- "Passing Host PCI Devices Through to the KVM Guest" by Oliver Rath, Hans-Peter Merkel, and Markus Feilner. Linux Pro Magazine , issue 114, May 2010, pg. 46
- libvirt: http://libvirt.org
- "KSM (Kernel Samepage Merging)" by Christoph Mitasch, https://www.thomas-krenn.com/en/wiki/KSM_(Kernel_Samepage_Merging)
- "Wait a minute! A fast, cross-VM attack on AES" by Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, and Berk Sunar, https://eprint.iacr.org/2014/435.pdf
- MacVTap: http://virt.kernelnewbies.org/MacVTap
- OpenSource Security Ralf Spenneberg: https://opensource-security.de (in German)
- The German Federal Office for Information Security: https://www.bsi.bund.de/EN/TheBSI/thebsi_node.html @IE
« Previous 1 2 3
Buy this article as PDF
Express-Checkout as PDF
Price $2.95
(incl. VAT)
(incl. VAT)