New computer network security threat identified

Large companies are vulnerable to hackers when they network their computers for cost-saving live virtual machine migration, University of Michigan researchers say.

Virtualization, which allows multiple operating systems, or "virtual machines" and their applications to share one physical server, has been possible for decades, but live virtual machine migration is relatively new.

It allows individual virtual machines to migrate among several servers throughout the day with little service downtime, equalizing the load on the servers as it fluctuates. The security of live virtual machine migration has not been studied extensively, but the set-up is common in large companies today.

Hackers could intercept data and compromise the integrity of a virtual machine's operating system during live migration, said Jon Oberheide, a doctoral candidate in the electrical engineering and computer science department. The most popular software doesn't encrypt the information as it travels from server to server.

How does Oberheide know this? He hacked into his own migrating virtual machines.

"I was setting up a live virtual machine migration network in my office and I started poking around, and I noticed that it was totally insecure," Oberheide said.

As a short-term fix, companies can isolate their migration network from other network traffic or install hardware encryption devices on all their physical servers, Oberheide said.

"The important thing is to raise awareness of the vulnerability," Oberheide said. "Solutions are feasible, but they're not implemented by the most popular vendors. What is really needed is authenticated and encrypted migration so the attacker cannot perform these attacks, so that even if he can see the migration, he can't modify it."

Oberheide details his findings in a talk at the Black Hat D.C. computer security conference this week. He will present the paper, "Empirical Exploitation of Live Virtual Machine Migration." Other authors are research fellow Evan Cooke and professor Farnam Jahanian, both of U-M's Department of Electrical Engineering and Computer Science.

Source: University of Michigan

Related stories:

Idle computers offer hope to solve cancer's mysteries through grid computing project
A biomedical engineering professor at The University of Texas at Austin is using a concept called "grid computing" to allow the average person to donate idle computer time in a global effort to fight cancer.
Intel Launches First Industry-Standard Quad-Core Products for High-End, Multi-Processor Servers
Intel Corporation has unveiled the industry's first quad-core processors specifically designed for multi-processor (MP) servers running applications requiring uncompromised performance, reliability and scalability. Such applications are typically run in virtualized environments for server consolidation and database uses, enterprise resource planning and business intelligence.
IBM Unveils New Software to Reduce Data Center Complexity
IBM today announced a new release of its premier virtualization management software that adds powerful new capabilities for simplifying the management of virtual and physical systems across multiple platforms. In addition, the software is now available on POWER-based servers, leveraging the expanded virtualization capabilities recently announced with the launch of the POWER6 microprocessor.
IBM Unleashes World's Fastest Chip in Powerful New Computer
IBM today simultaneously launched the fastest microprocessor ever built and an ultra-powerful new computer server that leverages the chip’s many breakthroughs in energy conservation and virtualization technology. The new server is the first ever to hold all four major benchmark speed records for business and technical performance.
The State of Ubuntu 7.04 Is Strong
With companies and individuals everywhere failing to find the wow in Windows Vista, Apple's OS X riding iPod sales and snarky commercials to steady growth, and long-time Microsoft partner Dell announcing plans to market a Linux desktop to the mainstream, it seems certain that the days of Microsoft's desktop monopoly are numbered.
Virtual Iron's Server Virtualization Is Ironclad
Virtual Iron Software's Virtual Iron builds on the Xen hypervisor and other open-source components to form an effective virtualization solution with a price tag low enough to keep market leader VMware on its toes.
Home IQ: Winning technologies will make people smarter -- not their houses
Someday, we may be getting fashion advice from our mirrors. Instead of digging through our closets to find the perfect complement for a new shirt, we may hold it up to our bedroom mirror for a computer to scan. Using radio-frequency identification technology, our electronic fashion stylist will then offer suggestions based on what's in our closet or how the latest edition of Vogue or Teen Beat pairs up something similar.
Gearbox readies two new games: 'Borderlands' and 'Aliens'
I got to visit Gearbox Softwarelast week, and the game developer clearly has some cool stuff up its sleeve. (I use that term deliberately: Gearbox president Randy Pitchford was once a professional magician.)

News discussion:

Technology news