The security of our cloud-based systems is paramount. In this video, you’ll learn about the importance of VM sprawl avoidance and VM escape protection.
<< Previous Video: Infrastructure as Code Next: Secure Deployments >>
One of the huge advantages that cloud computing brings is the ability to deploy a new set of application instances with the click of a button. This process can be automated so that multiple servers, databases, and security devices can all be deployed automatically at an instant. We need to make sure that the process we have for deploying these application instances also considers the process of recovering those deployed instances and returning all of those resources to the pool. This is the problem we have with virtual machine sprawl. We have all of these virtual machines that keep being built on our network and we don’t deprovision these instances when they’re no longer needed. At some point, we aren’t sure exactly which virtual machines are related to which application instances, and now it becomes much more difficult to remove these resources from the network.
This is why it’s important to have a formal process for provisioning an application instance, and then the deprovisioning of that application instance. It’s also a good idea to make sure that every virtual object is identified and that you have a way to track it from the moment it’s created until the moment that it’s deprovisioned. One of the useful characteristics of a virtual machine is that it is self-contained. Everything happening within that virtual machine only happens as part of that VM and has no effect on any other VMs that might be running on that network.
Unfortunately, there is an attack type called a virtual machine escape that would allow someone on one virtual machine to be able to gain access to resources that are on a completely separate virtual machine. This is obviously a significant exploit, because these virtual machines should never be able to share resources between each other. And finding an exploit that would allow someone to hop from virtual machine to virtual machine would be a significant security concern. Someone who had access to this kind of exploit would effectively have full control of your virtual environment, your applications, and all of your data.
Fortunately, these types of exploits are very rare. But an example of one that occurred was in March of 2017, at the Pwn2Own competition, which is a hacking contest. If you’re able to gain access into a system, you would effectively be able to take that system home with you. This exploit started by taking advantage of a JavaScript engine bug in Microsoft Edge Browser. This bug allowed code execution within the Microsoft Edge sandbox, which then allowed someone access to the Windows 10 kernel. That user then took advantage of a Windows 10 kernel bug, which compromised the guest operating system of that virtual machine. At which point they were able to take advantage of a hardware simulation bug in VMware, and escape that particular VM host into a separate VM host on that service. This was obviously a significant security flaw, and instead of this being something that was seen in the wild, there were patches deployed for the virtual environment, the operating system, and for the Edge browser.