Virtualization and diversification
Virtualization technologies allow multiple virtual machines to be executed on a single physical machine. In this case, virtual machine access to hardware resources is controlled by a virtual machine manager, also called a hypervisor. Today, these technologies are primarily used to reduce the costs of computing systems by mutualizing the use of hardware and software resources. Virtualization can affect computer security both positively or negatively. On the positive side, we have used virtualization to apply diversity in critical computing systems at the level of operating systems. In this case, we make the assumption that an attack succeeds if it reaches a particular version of software on a particular version of the operating system. We have designed an architecture able to diversify the runtime environment of an application with different virtual machines running different operating systems. It is possible to compare the behavior of these virtual machines to detect divergences that could result from the compromise of one of the virtual machines. This approach has been applied to avionics maintenance laptops. But virtualization can also have negative effect on computing system security, in particular if the hypervisor is compromised. To detect hypervisor compromise, we are currently developing an approach based on nested virtualization to observe the state of the hypervisor. Our new minimalist virtualization layer is below the original hypervisor and it checks periodically whether the invariants of the hypervisor state are still valid. This architecture is studied in the context of cloud computing, where we consider that some virtual machines can be malicious and may try to attack the other virtual machines through the hypervisor.