New computer network security threat identified

February 22, 2008

Large companies are vulnerable to hackers when they network their computers for cost-saving live virtual machine migration, University of Michigan researchers say.

Virtualization, which allows multiple operating systems, or "virtual machines" and their applications to share one physical server, has been possible for decades, but live virtual machine migration is relatively new.

It allows individual virtual machines to migrate among several servers throughout the day with little service downtime, equalizing the load on the servers as it fluctuates. The security of live virtual machine migration has not been studied extensively, but the set-up is common in large companies today.

Hackers could intercept data and compromise the integrity of a virtual machine's operating system during live migration, said Jon Oberheide, a doctoral candidate in the electrical engineering and computer science department. The most popular software doesn't encrypt the information as it travels from server to server.

How does Oberheide know this? He hacked into his own migrating virtual machines.

"I was setting up a live virtual machine migration network in my office and I started poking around, and I noticed that it was totally insecure," Oberheide said.

As a short-term fix, companies can isolate their migration network from other network traffic or install hardware encryption devices on all their physical servers, Oberheide said.

"The important thing is to raise awareness of the vulnerability," Oberheide said. "Solutions are feasible, but they're not implemented by the most popular vendors. What is really needed is authenticated and encrypted migration so the attacker cannot perform these attacks, so that even if he can see the migration, he can't modify it."

Oberheide details his findings in a talk at the Black Hat D.C. computer security conference this week. He will present the paper, "Empirical Exploitation of Live Virtual Machine Migration." Other authors are research fellow Evan Cooke and professor Farnam Jahanian, both of U-M's Department of Electrical Engineering and Computer Science.

Source: University of Michigan

Explore further: Review: Telehealth poised to revolutionize health care

Related Stories

Review: Telehealth poised to revolutionize health care

July 13, 2016

Telehealth is growing rapidly and has the potential to transform the delivery of health care for millions of persons. That is the conclusion of a review article appearing today in the New England Journal of Medicine.

Dangerous flight into the wind farm

July 8, 2016

Wind turbines attract bats. They seem to appear particularly appealing to female noctule bats in early summer. In a pilot study, researchers of the German Leibniz Institute for Zoo and Wildlife Research in Berlin noticed ...

Virtual Iron's Server Virtualization Is Ironclad

March 27, 2007

Virtual Iron Software's Virtual Iron builds on the Xen hypervisor and other open-source components to form an effective virtualization solution with a price tag low enough to keep market leader VMware on its toes.

Recommended for you

Tech titans join to study artificial intelligence

September 29, 2016

Major technology firms have joined forces in a partnership on artificial intelligence, aiming to cooperate on "best practices" on using the technology "to benefit people and society."

MIT's flea market specializes in rare, obscure electronics

September 25, 2016

Once a month in the summer, a small parking lot on the Massachusetts Institute of Technology's campus transforms into a high-tech flea market known for its outlandish offerings. Tables overflow with antique radio equipment, ...

First test of driverless minibus in Paris Saturday

September 24, 2016

The French capital's transport authority will on Saturday carry out its first test of a driverless minibus, in the hope that regular routes for the hi-tech vehicles will be up and running within two years.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.