December 5–9, 2011 | Buena Vista Palace Hotel & Spa | Orlando, Florida, USA

• Venue
• Program
•   –   Courses / Tutorials
•   –   FISMA Training
•   –   GTIP Workshop
•   –   LAW Workshop
• Print Proceedings
• Sponsorships & Exhibits
• Committees
• Call for Participation

• About ACSAC
• Past ACSACs
• Mailing List
• Security Bookshelf
• FAQs

2011 Annual Computer Security Applications Conference

Course T5 – Virtualization and Security

Mr. Zed Abbadi, Public Company Accounting Oversight Board (PCAOB)

Tuesday Morning, December 6th, Half Day

In recent years, virtualization has become one of the most deployed technologies in the IT field. It provides clear benefits when it comes to utilization, maintenance, redundancy and lower power consumption. However, just like every new technology, virtualization is still evolving and there are still unanswered security questions. Virtualization is a concept that encompasses many types of technologies used in different configurations and for a variety of reasons. Each one of these technologies presents its own unique sets of security challenges and benefits.

This course will provide a basic understanding of the various virtualization technologies and discuss the security aspects and characteristics of each one. It will provide the audience with valuable material on how to utilize virtualization to decrease risks from security attacks and how to avoid vulnerabilities that may accompany virtualization technologies.

Outline

1. Virtualization Introduction. We will define virtualization, present some history and go over the various types of virtualization that currently exist in the market place.
2. Server Virtualization. Server virtualization is primarily used to better utilize hardware platforms and allow for easier management of virtual servers. It allows for high availability and provides additional security benefits such as sandboxing and honeypots (including live forensics).
3. Client Virtualization. Client virtualization spans several technologies and in some cases carries great security and maintainability benefits. Various techniques can be used to isolate different client components in the user environment. Depending on the need and infrastructure available. Client virtualization can take the various forms.
4. OS Streaming. OS steaming is an old concept that has recently started to take hold again. It allows for a thin client (PC or some other device) to run through streaming of an OS stored on a networked server. The major distinction here is that the client device does not store any permanent data and completely relies on the network and the OS server to function.
5. Workspace Virtualization. Workspace virtualization is similar in concept to desktop virtualization, however only OS and application configuration settings are virtualized, allowing for a re-configuration of an already installed OS based on user/enterprise preferences. This is considered a light weight mode of virtualization, but none the less provides some security benefits especially when it comes to security hardening through specific settings and configuration.
6. Hypervisor Security. There has been great interest in the concept of hypervisor (virtualization kernel) and potential security vulnerabilities that may lead to serious comprises. While so far nothing serious has been uncovered in hypervisors developed by major virtualization vendors, the discussion continues as to whether hypervisors are inherently secure due to their small footprint, or that it is only a matter of time before serious vulnerabilities are discovered and exploited. We will discuss both points of view and provide evidence that supports both theories.
7. Isolation and Rollbacks. One great benefit of virtualization is the ability to reset a system to a previous state captured in the past. This ability can be very useful in situations where an attack has taken place on a system and the only way to recover is to revert back to a previous system image. This sounds good only to discover that there are risks associated with such scenario including synchronization issues, data loss, and other malicious software embedded in previous images or snapshots.

Prerequisites

General understanding of computer architecture and basic security concepts.

About the Instructor

Mr. Zed Abbadi is an Application Security Manager with the Public Company Accounting Oversight Board (PCAOB). He has over 18 years of experience in software and security engineering. His experience ranges from providing security consulting services to building large-scale software systems. In his current role he is responsible for the security of all software applications that run on PCAOB.s infrastructure.

Zed holds a Bachelor of Science in Computer Science and a Masters degree in Systems Engineering from George Mason University. He is a published author and has presented at various security conferences.

Home | Mailing List | FAQs | Privacy Policy | Contact Us

Copyright © 2011 ACSAC