« Previous 1 2 3
Avoiding KVM configuration errors
Active Separation
A Study as a Source
The security of KVM-based virtualization can certainly be considered highly complex, which is why I have only singled out a few, albeit very central, issues. The material comes from a 2016 security analysis performed by OpenSource Security Ralf Spenneberg [8] on behalf of The German Federal Office for Information Security [9]. The company not only investigated the security of KVM itself, but also of its ecosystem, consisting of Qemu and libvirt, as well as network-based data storage with Ceph and GlusterFS. The study is due to be published soon.
Infos
- KVM: https://www.linux-kvm.org
- Qemu: http://www.qemu-project.org
- "Passing Host PCI Devices Through to the KVM Guest" by Oliver Rath, Hans-Peter Merkel, and Markus Feilner. Linux Pro Magazine , issue 114, May 2010, pg. 46
- libvirt: http://libvirt.org
- "KSM (Kernel Samepage Merging)" by Christoph Mitasch, https://www.thomas-krenn.com/en/wiki/KSM_(Kernel_Samepage_Merging)
- "Wait a minute! A fast, cross-VM attack on AES" by Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, and Berk Sunar, https://eprint.iacr.org/2014/435.pdf
- MacVTap: http://virt.kernelnewbies.org/MacVTap
- OpenSource Security Ralf Spenneberg: https://opensource-security.de (in German)
- The German Federal Office for Information Security: https://www.bsi.bund.de/EN/TheBSI/thebsi_node.html @IE
« Previous 1 2 3
Buy this article as PDF
Express-Checkout as PDF
Price $2.95
(incl. VAT)
(incl. VAT)
Buy ADMIN Magazine
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Topics
12.04 LTS
16 cores
8 cores
AI
AMD
AMD-V
AMI
Active Directory
Administration
Amazon AWS
Amazon CloudFront
Amazon Machine Images
Anaconda
Analytics
Ansible
Apache
Apache Deltacloud
Apache benchmarking tool
ab
acceleration
acquisition
admin tools
agedu
alert
amazon
analysis
analysis
anticipatory
application performance