VMware Cloud Community
cap77
Contributor

memory management security

Hi... I'm writing an attachment with the content: security of memory management functions such as memory overcommitment and ballooning.

I have two ideas for testing these functions. First is a denial of service attack... so that one VM makes the other VMs unusable.

The second idea is to inject malicious code via ballooning from one VM into another VM.

Does anyone have other ideas to test the security of these functions, or some additions to my ideas?


Accepted Solutions
wila
Immortal

Hi,

Here's some additional information for your paper.

http://www.vmware.com/pdf/usenix_resource_mgmt.pdf

and

http://www.vmware.com/pdf/esx3_memory.pdf

Hope this helps,



--
Wil
_____________________________________________________
VI-Toolkit & scripts wiki at http://www.vi-toolkit.com

Contributing author at blog www.planetvm.net

Twitter: @wilva

| Author of Vimalin. The virtual machine Backup app for VMware Fusion, VMware Workstation and Player |
| More info at vimalin.com | Twitter @wilva

5 Replies
RParker
Immortal

Methods for securing ESX are well documented, including making the management vSwitch separate from any other network, including VMs.

So this test is unnecessary; if you set up and secure ESX correctly, neither of these situations will ever occur. You can even segregate management network from vKernel and both of those are on a separate firewall. VM network is separated already, so even if your ESX host is in a DMZ it doesn't mean ALL the interfaces have to be DMZ, just the VM Switch.

cap77
Contributor

First... thank you for your answer.

But I have to analyse these functions (ballooning and overcommitment) for their safety.

It is a part of the exam that I'm writing.

So I have to find test cases to show if the functions are safe or not.

You know what I mean?

PS... sorry for my English

Texiwill
Leadership

Hello,

All Memory provided to a VM either via Ballooning or any other way is first zeroed. Active Memory is never part of a balloon.

Ballooning is just one form of overcommit; there are two others in ESX v3 and ESX v4.0.

Content Based Page Sharing <- Idle time action that happens within the vmkernel (you can disable this per VM)
Memory Balloon <- Borrowing memory for another VM. Never borrows 'active' memory and 'zeros' all memory 'borrowed'. Disable by NOT installing the balloon driver or changing max limits for balloons.
Swap to Disk <- Slowest and .vswp file is only seen by service console.

From within a VM you may never know anything actually happened other than the VM slows down as you swap to disk.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, 2010

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'

Also available 'VMWare ESX Server in the Enterprise'

Blogging: The Virtualization Practice|Blue Gears|TechTarget|Network World

Podcast: Virtualization Security Round Table Podcast|Twitter: Texiwll

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
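
The per-VM controls mentioned in the reply above (disabling page sharing, limiting the balloon) can be audited from a VM's .vmx file. The following is an added example, not part of any post in this thread and not VMware tooling; it assumes the advanced settings `sched.mem.pshare.enable` and `sched.mem.maxmemctl` as the relevant keys (the thread does not name them), and the sample file content is constructed.

```python
import re

# Constructed sample .vmx content for illustration (not from the thread).
SAMPLE_VMX = '''\
displayName = "tenant-a-web01"
memsize = "4096"
sched.mem.pshare.enable = "FALSE"
sched.mem.maxmemctl = "0"
'''

# .vmx lines have the form: key = "value"
LINE = re.compile(r'^\s*([\w.:-]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {key: value}; keys are lowercased for lookup (an assumption)."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = LINE.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def reclamation_report(text):
    """Summarise per-VM page sharing and balloon settings."""
    cfg = parse_vmx(text)
    # Page sharing stays on unless explicitly set to FALSE.
    sharing = cfg.get("sched.mem.pshare.enable", "TRUE").upper() != "FALSE"
    try:
        limit = int(cfg.get("sched.mem.maxmemctl", "-1"))
    except ValueError:
        limit = None  # unparsable value: flag it rather than guess
    if limit is None:
        balloon = "invalid"
    elif limit < 0:
        balloon = "default"  # no per-VM cap configured
    elif limit == 0:
        balloon = "disabled"
    else:
        balloon = f"capped at {limit} MB"
    return {"page_sharing": "enabled" if sharing else "disabled",
            "balloon": balloon}


if __name__ == "__main__":
    print(reclamation_report(SAMPLE_VMX))
```
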
cap77
Contributor

OK... many thanks to you both.