Virtualisation techniques and virtualised design architectures add an extra layer of execution, together with a new administrator role (the virtualisation admin), both of which need careful management and security assurance.
Virtualisation solutions are classified as follows.
1. Operating System-Level Virtualisation.
2. Application-Level Virtualisation.
3. Full-Hardware Emulation.
4. Hardware Virtualisation.
a. Full Virtualisation.
b. Para-Virtualisation.
c. Hardware-Assisted Virtualisation.
Operating system-level virtualisation: the host operating system supports multiple isolated user-space instances, called containers. Each container can target a single application and install only the software and libraries that application needs. The host machine's hardware resources are partitioned between the guest instances; the host OS deploys many guest instances, each a lightweight execution of an operating system or application. Resources are assigned to containers, which represent a set of processes, files, and partitions. This strategy offers high performance and low overhead, but permits only the execution of the same OS (kernel) as the host machine. Examples of solutions supporting operating system-level virtualisation include Docker, Virtuozzo, OpenVZ, and Solaris Containers.
Application-level virtualisation enhances the portability of programs between different software and hardware architectures. It is built from several components: a portable language, a compiler from source code to an architecture-independent representation (bytecode), a bytecode interpreter, and an execution environment that renders the bytecode into low-level operations on the host machine. Examples of solutions supporting application-level virtualisation include the Java VM, Microsoft .NET, Perl, Python, and Ruby.
Full-hardware emulation is the strategy of executing an unmodified system (guest OS) on a host with a different architecture. It emulates all features of a software system or device on a hardware platform with a different instruction set. Examples of solutions supporting full-hardware emulation include Bochs, QEMU, and Virtual PC.
Hardware virtualisation defines a class of virtualisation technologies in which a software system or device is executed on a hardware platform with the same instruction set. We note that there is not always a strict separation between hardware virtualisation and emulation, since in some cases hardware emulators can be used for device virtualisation. Hardware virtualisation is further categorised into three classes as follows.
a. Full Virtualisation.
b. Para-Virtualisation.
c. Hardware-Assisted Virtualisation.
Full virtualisation is the virtualisation of (x86) systems by simulating the underlying hardware. The hardware is simulated in software for each virtual machine. The guest OS is completely segregated from the underlying hardware, and its access to that hardware is mediated by the virtualisation layer (the virtual machine monitor). The guest OS runs unmodified, with no need for hardware or operating-system support. Full virtualisation can be based on a mix of binary translation of kernel code and direct execution of user-level code; binary translation transforms and caches the kernel code that the guest OS needs to execute.
Examples of solutions supporting this form of hardware virtualisation include VirtualBox, Virtual PC, VMware, Win4Lin, Xen, and User Mode Linux.
Para-virtualisation is a lightweight virtualisation approach in which the hypervisor exposes hypercalls that a modified guest OS can invoke directly, replacing the privileged instructions that are difficult to virtualise. The hypercalls implement a virtualised counterpart of system calls and invoke the hypervisor's services; a modified guest OS calls them through known APIs. Para-virtualisation provides better performance and lower overhead than full virtualisation (it does not require emulation of system resources), at the cost of requiring changes to the guest operating system. Examples of solutions supporting para-virtualisation include Xen, KVM/QEMU, and Win4Lin 9x.
Hardware-assisted virtualisation builds on hardware vendors' efforts to add features that support virtualisation techniques. Intel Virtualization Technology (VT-x) and AMD's AMD-V were introduced in the mid-2000s and provide a new execution mode that allows virtual machine monitors to run in a new privileged mode. The hardware extensions are made available to the guest OS, giving better performance and reducing the changes required by para-virtualisation. Examples of solutions supporting hardware-assisted virtualisation include VMware Workstation (64-bit), VirtualBox, Xen, KVM/QEMU, Parallels, and Microsoft Hyper-V.
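A practitioner usually wants two facts before trusting a hardware-assisted setup: does the CPU expose VT-x or AMD-V at all, and is the OS they are looking at itself already a guest (so a nested hypervisor sits underneath)? The following added example, not taken from the text above, decodes the documented CPUID bits that answer both questions (CPUID.1:ECX bit 5 for VMX, CPUID.80000001h:ECX bit 2 for SVM, CPUID.1:ECX bit 31 for hypervisor presence, and the vendor string from leaf 40000000h). The decoder works on raw register values so it can be checked with constructed input; the live query only compiles on x86.

```c
/* Added example: decode CPUID leaves that reveal hardware-assisted
 * virtualisation support and whether a hypervisor is already present. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

typedef struct {
    int vmx;          /* CPUID.1:ECX bit 5   -> Intel VT-x available      */
    int svm;          /* CPUID.80000001h:ECX bit 2 -> AMD-V available     */
    int hypervisor;   /* CPUID.1:ECX bit 31  -> a hypervisor is present   */
    char vendor[13];  /* CPUID.40000000h EBX,ECX,EDX as ASCII, if present */
} virt_info;

/* Pure decoder over raw register values (endian-independent byte extraction). */
virt_info decode_virt(uint32_t leaf1_ecx, uint32_t ext1_ecx,
                      uint32_t hv_ebx, uint32_t hv_ecx, uint32_t hv_edx)
{
    virt_info v;
    uint32_t regs[3] = { hv_ebx, hv_ecx, hv_edx };
    memset(&v, 0, sizeof v);
    v.vmx = (leaf1_ecx >> 5) & 1;
    v.svm = (ext1_ecx >> 2) & 1;
    v.hypervisor = (leaf1_ecx >> 31) & 1;
    if (v.hypervisor)                       /* vendor string only valid when present */
        for (int i = 0; i < 12; i++)
            v.vendor[i] = (char)((regs[i / 4] >> (8 * (i % 4))) & 0xff);
    return v;
}

/* Live query on this machine; returns 0 when CPUID is unavailable (non-x86). */
int query_virt(virt_info *out)
{
#if HAVE_CPUID
    unsigned a = 0, b = 0, c = 0, d = 0, l1c = 0, e1c = 0, hb = 0, hc = 0, hd = 0;
    if (__get_cpuid(1, &a, &b, &c, &d)) l1c = c;
    if (__get_cpuid(0x80000001, &a, &b, &c, &d)) e1c = c;
    if ((l1c >> 31) & 1) __cpuid(0x40000000, a, hb, hc, hd);   /* hypervisor leaf */
    *out = decode_virt(l1c, e1c, hb, hc, hd);
    return 1;
#else
    (void)out;
    return 0;
#endif
}

int main(void)
{
    virt_info v;
    if (!query_virt(&v)) { puts("CPUID not available on this architecture"); return 0; }
    printf("VT-x: %d  AMD-V: %d  hypervisor present: %d (%s)\n",
           v.vmx, v.svm, v.hypervisor, v.hypervisor ? v.vendor : "none");
    return 0;
}
```

A host that reports neither VMX nor SVM but a present hypervisor is itself a guest without nested virtualisation enabled, which is the usual reason a hypervisor refuses to start inside a VM.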
The guest OS is the starting point for numerous attacks. Exploiting a vulnerability in the guest or host OS may expose the system to the following consequences.
Attack the VM or other VMs (direct attack): an adversary may take advantage of weak access control or of deliberate inter-VM relationships. Its feasibility depends on the host configuration and access control.
Attack the hypervisor: this begins in a guest OS and is hypervisor-dependent. Para-virtualised drivers, clipboard sharing, display output, and network traffic are the channels through which this type of attack is carried out.
Attack the hardware on the host: hardware platforms often require firmware updates, and an intruder could upload rogue firmware to support the attack.
Attack the host architecture: the standard example is a side-channel attack against a shared component.