Risk in systems with virtualization : test case analysis

• Autorzy: Stanclik M. , Walkowiak T.
• Języki publikacji: EN

Abstrakty

EN

The paper presents an approach to risk analysis of exemplar test case information systems. Authors point out the common practice to implement virtualization and put away security considerations for future[5]. The overview of virtualization techniques, focusing on server virtualization is given. Next, authors present risk analysis of exemplar GIS system. First of all identification of threats is taken out focusing on virtualization aspects, but it also includes common threats for both that could have a significant impact on safety when using a virtualization. The risk assessment for the test case system was performed using qualitative method. Assessment of the likelihood and magnitude of impact of identified risks was performed on the basis of the expert’s knowledge and experience. The obtained results were used to develop risk rankings, which indicate the risks that need special attention when designing and managing a virtual system.

Słowa kluczowe

EN

virtualization; risk analysis; threats

• Wydawca: Polskie Towarzystwo Bezpieczeństwa i Niezawodności
• Czasopismo: Journal of Polish Safety and Reliability Association
• Rocznik: 2013
• Tom: Vol. 4, No. 2
• Strony: 249--258
• Opis fizyczny: Bibliogr. 31 poz., tab.

Twórcy

autor

Stanclik M.

• Wrocław University of Technology, Wrocław, Poland

autor

Walkowiak T.

• Wrocław University of Technology, Wrocław, Poland

Bibliografia

• [1] Barrett, D. (2010). Virtualization and Forensics: A Digital Forensic Investigator’s Guide to Virtual Environments. Waltham: Syngress. 10-12.
• [2] Fisher-Ogden, J., Hardware Support for Efficient Virtualization, University of California, San Diego. Available at http://cseweb.ucsd.edu/~jfisherogden /hardwareVirt.pdf (access: 15.03.2013).
• [3] Flyvbjerg, B. (2006). From Nobel Prize to Project Management: Getting Risks Right. Project Management Journal 3, 37. 5-15.
• [4] Folger, P. (2011). Geospatial information and Geographic Information Systems (GIS): An Overview for Congress. Congressional Research Service, Raport 41825.
• [5] Forrester Research (2012). Virtual Security in the Data Center. Available at http://www.cisco.com/en/US/solutions/collateral/ ns224/ns945/tap_virtual_security_032012.pdf (access: 15.03.2013).
• [6] Garfinkel, T. & Rosenblum, M. (2005). When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing Environments. Proc. 10th Workshop on Hot Topics in Operating Systems. 121-126.
• [7] Gartner Press Release, Gartner Outlines Six Most Common Virtualization Security Risks and How to Combat Them, http://www.gartner.com/newsroom/ id/1322414 (access: 15.03.2013).
• [8] Goldberg, R.P. (1973). Architectural Principles for Virtual Computer Systems. Harvard University.
• [9] Hietala, J. (2009). Top Virtualization Security Mistakes (and How to Avoid Them), SANS. Available at http://www.sans.org/reading_room/ analysts_program/McAfee_Catbird_Virtualization_Jul09.pdf (access 07.03.2013).
• [10] Hoopes, J. (2009). Virtualization for security: including sandboxing, disaster recovery, high availability. Waltham: Syngress. 10, 20-25.
• [11] Hopkin, P. (2010). Fundamentals of Risk Management. London: Kogan Page Limited. 28-31.
• [12] IBM, (2010). IBM X-Force 2010 Trend and Risk Report. Available at http://public.dhe.ibm.com/ common/ssi/ecm/en/wgl03007usen/WGL03007 USEN.PDF (access 07.03.2013).
• [13] Information Security Blog (2010). Attacks with Virtualization, http://shobhajagathpal.blogspot .com/2010/02/attacks-with-virtualization.html (access: 18.03.2013)
• [14] ISACA, (2010). Virtualization: Benefits and Challenges. Available at http://www.isaca.org/ KnowledgeCenter/Research/ResearchDeliverable s/Pages/Virtualization-Benefits-andChallenges.aspx (access: 18.03.2013).
• [15] Kahneman, D. & Tversky, A. (1979). Prospect theory: An analysis of decisions under risk. Econometrica 2, 47. 313–327.
• [16] Kaplan, S. & Garrick, B.J. (1981). On the Quantitative Definition of Risk. Risk Analysis 1, 1. 11-27.
• [17] Kaspersky Lab, (2012). Implementing Virtualization and Providing IT Security in Virtual Environments. Available at http://media. kaspersky.com/documents/business/brfwn/en/GC C-trends-in-the-corporate-market-sector-whitepaper.pdf (access: 18.03.2013).
• [18] King, S.T., Dunlap, G.W. & Chen, P.M. (2003). Operating System Support for Virtual Machines. Proc. of the 2003 Annual USENIX Technical Conference.
• [19] Kragh, E., Faber, M.H. & Guedes Soares, C. (2010). Framework for integrated risk assessment. Safety and Reliability of Industrial Products, Systems and Structures. London: Balkema.
• [20] Kroll, O. (2011). Data Loss in a Virtual Environment. Available at http://www. krollontrack.com/library/odrdataloss_krollontrac k2011.pdf (access: 15.03.2013).
• [21] Landoll, D. (2011). The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments. Boca Raton: Auerbach Publications. 436-446.
• [22] Lynch, D.M. (2008). Understanding VirtSec: An executive overview of server virtualization security issues including best practices for maintaining your security profile. Embotics Corporation.
• [23] Neiger, G., Santoni, A., Leung, F., Rodgers, D. & Uhlig, R. (2006). Intel Virtualization Technology: Hardware support for efficient processor virtualization. Intel Technology Journal. 167-177.
• [24] PCI Security Standard Council, (2011). PCI Data Security Standard. Available at https://www. pcisecuritystandards.org/documents/Virtualization_InfoSupp_v2.pdf (access: 15.03.2013)
• [25] Portnoy, M. (2012). Virtualization Essentials. Indianapolis: Sybex. 9, 20-27.
• [26] Rosenblum, M. (2004). The reincarnation of virtual machines. Queue 2, 5. 34-40.
• [27] Seymour, M., Aldham, Ch., Warner, M. & Moezzi, H., (2011). The Increasing Challenge of Data Center Desing and Management: If CFD a Must? Electronics Cooling, December 2011. 28-33.
• [28] Shackleford, D. (2012). Virtualization Security: Protecting Virtualized Environments. Indianapolis: Sybex.
• [29] Siebert, E., How to steal a virtual machine and its data in 3 easy steps, http://searchvmware. techtarget.com/news/1378347/How-to-steal-avirtual-machine-and-its-data-in-3-easy-steps (access 07.03.2013).
• [30] Smith, J.E. & Nair, R. (2005). The Architecture of Virtual Machines. Computer 5, 38. 32-38.
• [31] Victor, J., Savit, J., Combs, G., Hayler, S. & Netherton, B. (2011). Oracle Solaris 10 System Virtualization Essentials. New Yersey: Prentice Hall.