Virtualization and Cloud Security: Benefits, Caveats, and Future Developments

Abstract

The Cloud computing paradigm allows for fast provisioning and deprovisioning of a large variety of, in most cases, preconfigured services. This would not have been possible without certain supporting technologies enabling rapid deployment and release of services. Virtualization technologies have been the solution to the service management requirements. In particular, hardware virtualization technology has speeded up the deployment of possibly a large number of virtual machines (VM) on multiple hosts. These achievements enable a far more efficient usage of physical resources which can be shared among multiple tenants in order to benefit from cost savings and ease of management. Multitenancy is a fundamental feature of Cloud computing. However, multitenancy and in general resource sharing increases the exposure to security threats. In particular, timing attacks can infer information from sibling VMs running on the same physical host. Furthermore, security and privacy issues are due to the present architecture of virtualization-based services in the Cloud. In particular, platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) on both Public and Hybrid Clouds potentially allow the Cloud host administrators to get access to service provider (SP) and service consumer data. This way, service execution time and outcome reliability can be affected. Enterprises are mostly aware of the risks involved with multitenancy. As such, they often opt for a Private or Hybrid Cloud approach that is more costly and usually less scalable than a Public Cloud. In this context, novel Cloud approaches are required to enhance monitoring and security auditing of VMs and services. At the same time, a better privacy for both the SP and the service user (SU) should be guaranteed. The objective of this chapter is to shed light on virtualization technologies that empower the Cloud and that will be increasingly relevant for the evolution of Cloud services, together with the associated frameworks and principles. It also reviews present and possible future approaches to security for Cloud resources.