Issues 2008: Virtualization Security Workshop

Chair: Dr. Harvey H. Rubinovitz

Tuesday, 9 December 2008, 8:30 a.m. - 4:30 p.m.

Virtualization comes in many flavors but in general allows multiple virtual machine instances be hosted on one single, physical machine. Many organizations are using virtualization to improve utilization, increase flexibility, reduce administrative cost, and reduce the number of physical systems.

The methods used to virtualize raise a number of security concerns, such as: What's to prevent vulnerabilities in the virtualization software from affecting one or more of the virtual systems? What new security concerns are there now that multiple operating systems that typically might rely on physical boundaries for protection are contained on one server rather than hosted on several physical systems? How can we gain the network visibility we are used to having now that connections between systems are happening in the virtualized network space? If one of the virtual systems is hacked, what can prevent a compromise of the other virtual systems on the same physical system?

Tradeoffs between cost, functionality, and security also need to be considered. Are the cost savings on hardware and easier management of virtual systems worth the potential changes in the security concerns? Are the current defenses such as firewalls and security applications ready for virtualization? Are there any issues with our current security tools when applied to the virtual world? What about the possible virtualization of malware, rootkits, etc. and the effects it can have?

This workshop will focus on virtualization security, how users of virtualized systems can be educated to maintain the security posture of their systems, and how to improve the state of the art of virtualized systems. The workshop will also look at the need to facilitate research and development of the next generation of virtualization security standards and tools to assist in the creation of better, more secure virtual systems.

Participants in previous workshops agree that the workshops have provided a useful and exciting forum for members of the virtualization standards and development worlds to exchange ideas, opinions, and concerns. Due to community interest in virtualization security and the rapidly evolving technologies, this year's workshop should generate much discussion.

Pre-registration is required as there is a registration fee to cover the cost of the workshop, lunch, and snack. Position papers are encouraged. To submit a paper, contact Harvey Rubinovitz, Workshop Chair, The MITRE Corporation, M/S S145, 202 Burlington Road, Bedford, Massachusetts 01730; (781)-271-3076; If you are interested in attending please check off the appropriate box on the conference registration form and add in the workshop fee.


Isolation And Integrity Management In Dynamic Virtualized Enviroments, Reiner Sailer

Virtualization in Multilevel Security Enviroments, Christoph Schuba

Virtualization Security Features, John McDermott